Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 7343:955a4efe9cbc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Typo fix in example; formatting fix for priorty labels also add link for pep-0594
author John Rouillard <rouilj@ieee.org>
date Sun, 14 May 2023 13:06:46 -0400
parents 7321c0e6c53e
children 4be6434014ee
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
1 .. meta::
6774
e7b4ad2c57ac landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents: 6768
diff changeset
2 :description:
7138
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
3 Critical documentation for upgrading the Roundup Issue
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
4 Tracker. Actions that must be taken when upgrading from
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
5 one version to another are documented here.
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
6
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
7 .. index:: Upgrading
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
8
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
13 Please read each section carefully and edit the files in your tracker home
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
14 accordingly. Note that there is information about upgrade procedures in the
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
15 `administration guide`_ in the `Software Upgrade`_ section.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
17 If a specific version transition isn't mentioned here (e.g. 0.6.7 to
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
18 0.6.8) then you don't need to do anything. If you're upgrading from
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
19 0.5.6 to 0.6.8 though, you'll need to apply the "0.5 to 0.6" and
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
20 "0.6.x to 0.6.3" steps.
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
21
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
22 General steps:
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
23
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
24 1. Make note of your current Roundup version.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
25 2. Take your Roundup installation offline (web, email,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
26 cron scripts, roundup-admin etc.)
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
27 3. Backup your Roundup instance
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
28 4. Install the new version of Roundup (preferably in a new virtual
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
29 environment)
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
30 5. Make version specific changes as described below for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
31 each version transition. If you are starting at 1.5.0
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
32 and installing to 2.3.0, you need to make the changes for **all**
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
33 versions starting at 1.5 and ending at 2.3. E.G.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
34 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
35 2.2.0 -> 2.3.0.
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
36 6. Run ``roundup-admin -i <tracker_home> migrate`` using the newer
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
37 version of Roundup for **all** the trackers you have
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
38 upgraded. This will update the database if it is required.
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
39 7. Bring your Roundup instance back online
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
40 8. Test
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
41
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
42 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
43 The v1.5.x releases of Roundup were the last to support
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
44 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
45 Python version 2.7 that is newer than 2.7.2 is required to run
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
46 Roundup. Starting with Roundup version 2.0.0 we also support Python 3
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
47 versions newer than 3.6.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
48
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
49 Recent release notes have the following labels:
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
50
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
51 * required - Roundup will not work properly if these steps are not done
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
52 * recommended - Roundup will still work, but these steps can cause
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
53 security or stability issues if not done.
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
54 * optional - new features or changes to existing features you might
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
55 want to use
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
56 * info - important possibly visible changes in how things operate
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
57
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
58 If you use virtual environments for your installation, you can run
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
59 trackers with different versions of Roundup. So you can have one tracker
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
60 using version 2.2.0 and another tracker using version 1.6.1. This
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
61 allows you to upgrade trackers one at a time rather than having to
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
62 upgrade all your trackers at once.
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
63
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
64 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
65
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
66 This file only includes versions released in the last 10
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
67 years. If you are upgrading from an older version, start with the
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
68 changes in the `historical migration <upgrading-history.html>`_
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
69 document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
70
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
71 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
72
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
73 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
74 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
75
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
76 .. index:: Upgrading; 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
77
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
78 Migrating from 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
79 =============================
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
80
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
81 Update your ``config.ini`` (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
82 -------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
83
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
84 Upgrade tracker's config.ini file. Use::
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
85
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
86 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
87
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
88 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
89 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
90 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
91 ``config.ini`` with ``newconfig.ini``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
92
7203
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
93 ``updateconfig`` will tell you if it is changing old default
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
94 values or if a value must be changed manually.
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
95
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
96 Using the roundup-mailgw script (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
97 ------------------------------------------
7064
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
98
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
99 In previous versions the roundup-mailgw script had a ``-C`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
100 ``--class``) option for specifying a class to be used with ``-S`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
101 ``--set``) option(s). In the latest version the ``-C`` option is gone,
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
102 the class for this option is specified as a prefix, e.g. instead of ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
103
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
104 roundup-mailgw -C issue -S issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
105
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
106 You now specify ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
107
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
108 roundup-mailgw -S issue.issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
109
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
110 If multiple values need to be set, this can be achieved with multiple
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
111 ``-S`` options or with delimiting multiple values with a semicolon (in
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
112 that case the string needs to be quoted because semicolon is a shell
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
113 special character)::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
114
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
115 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2'
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
116 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
117
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
118 are equivalent. Note that the class is provided as a prefix for the
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
119 set-string, not for each property. The class can be omitted altogether
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
120 in which case it defaults to ``msg`` (this default existed in previous
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
121 versions).
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
122
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
123 If you do not use the ``-C`` (or ``--class``) option in your current
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
124 setup of mailgw you don't need to change anything.
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
125
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
126 Replace Create User permission for Anonymous with Register (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
127 ---------------------------------------------------------------------
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
128
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
129 Check your trackers schema.py. If you have the following code::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
130
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
131 db.security.addPermissionToRole('Anonymous', 'Create', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
133 after the permission for Anonymous 'Email Access', change it to::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
134
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
135 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
136
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
137 The comment for Anonymous 'Email Access' may refer to Create. Change
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
138 it to refer to Register.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
139
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
140 This will be an issue if you used the devel or responsive tracker
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
141 templates. If you used a classic, minimal or jinja2 template the
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
142 permission change (but not the comment change) should be done already.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
143
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
144 Rdbms version change from 7 to 8 (required)
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
145 -------------------------------------------
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
146
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
147 This release includes a change that requires updates to the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
148 database schema.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
149
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
150 Sessions and one time key (otks) tables in the Mysql and
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
151 PostgreSQL database use a numeric type that
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
152 truncates/rounds expiration timestamps. This results in
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
153 entries being purged early or late (depending on whether
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
154 it rounds up or down). The discrepancy is a couple of
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
155 days for Mysql or a couple of minutes for PostgreSQL.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
156
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
157 Session keys stay for a week or more and CSRF keys are
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
158 two weeks by default. As a result, this isn't usually a
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
159 visible issue. This migration updates the numeric types
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
160 to ones that supports more significant figures.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
161
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
162 You should backup your instance and run the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
163 ``roundup-admin -i <tracker_home> migrate``
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
164 command for all your trackers once you've
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
165 installed the latest code base.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
166
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
167 Do this before you use the web, command-line or mail
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
168 interface and before any users access the tracker.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
169
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
170 If successful, this command will respond with either
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
171 "Tracker updated" (if you've not previously run it on an
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
172 RDBMS backend) or "No migration action required" (if you
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
173 have run it, or have used another interface to the tracker,
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
174 or are using anydbm).
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
175
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
176 Session/OTK data storage for SQLite backend changed (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
177 --------------------------------------------------------------
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
178
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
179 Roundup stores a lot of ephemeral data:
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
180
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
181 * login session tokens,
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
182 * rate limits
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
183 * password reset attempt tokens
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
184 * one time keys
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
185 * and anti CSRF keys.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
186
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
187 These were stored using dbm style files while the main data
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
188 is stored in a SQLite db. Using both dbm and sqlite style
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
189 files is surprising and due to how we lock dbm files can be
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
190 a performance issue.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
191
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
192 However you can continue to use the dbm files by setting the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
193 ``backend`` option in the ``[sessiondb]`` section of
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
194 ``config.ini`` to ``anydbm``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
195
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
196 If you do not change the setting, two sqlite databases
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
197 called ``db-otk`` and ``db-session`` replace the dbm
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
198 databases. Once you make the change the old ``otks`` and
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
199 ``sessions`` dbm databases can be removed.
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
200
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
201 Note this replacement will require users to log in again and
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
202 refresh web pages to save data. It is best if people save
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
203 all their changes and log out of Roundup before the upgrade
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
204 is done to minimize confusion. Because the data is
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
205 ephemeral, there is no plan to migrate this data to the new
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
206 SQLite databases. If you want to keep using the data set the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
207 ``sessiondb`` ``backend`` option as described above.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
208
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
209 Update ``config.ini``'s ``password_pbkdf2_default_rounds`` (required)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
210 ---------------------------------------------------------------------
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
211
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
212 Roundup hashes passwords using PBKDF2 with SHA1. PBKDF2 has a
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
213 parameter that makes hashing a password more difficult to do.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
214 The original 10000 value was set years ago. It has not been
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
215 updated for advancements in computing power.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
216
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
217 This release of Roundup changes the value to 2000000 (2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
218 million). This exceeds the current `recommended setting of
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
219 1,300,000`_ for PBKDF2 when used with SHA1.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
220
7203
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
221 If you were using the old 10000 value, it will be automatically
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
222 upgraded to 2 million by using ``roundup-admin``'s
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
223 ``updateconfig``. If you were not using the old 10000 default,
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
224 you should update it manually.
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
225
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
226 After the change users will still be able to log in using the
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
227 older 10000 round hashed passwords. If ``migrate_passwords`` is
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
228 set to ``yes``, passwords will be automatically re-hashed using
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
229 the new higher value when the user logs in.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
230
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
231 Increasing the number of rounds will slow down re-hashing. That's the
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
232 whole point. Sadly it will also slow down logins. Usually the hash
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
233 takes under 1 second, but if you are using a slow chip (e.g. an ARM V6
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
234 at 700 bogo mips) it can take 30 seconds to compute the 2000000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
235 rounds. The slowdown is linear. So what takes .001 seconds at 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
236 rounds will take: ``2000000/10000 * .001 = 200 * .001`` seconds or 0.2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
237 seconds.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
238
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
239 You can see how long it will take by using the new ``roundup-admin``
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
240 ``perftest`` command. After you have finished migrating your database,
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
241 run::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
242
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
243 roundup-admin -i <tracker_home> perftest password rounds=10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
244
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
245 and then::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
246
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
247 roundup-admin -i <tracker_home> perftest password rounds=2,000,000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
248
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
249 so see the difference. Output from this command looks like::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
250
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
251 Hash time: 0.203151849s scheme: PBKDF2 rounds: 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
252
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
253 If your testing reports a hash time in the 0.5 second range for 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
254 rounds, there may be another issue. See if executing::
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
255
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
256 python3 -c 'from hashlib import pbkdf2_hmac'
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
257
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
258 produces an error.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
259
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
260 If you get an ImportError, you are using Roundup's fallback PBKDF2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
261 implementation. It is much slower than the library version. As a
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
262 result re-encrypting the password (and logging in, which requires
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
263 calculating the encrypted password) will be very slow.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
264
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
265 You should find out how to make the import succeed. You may need to
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
266 install an OS vendor package or some other library.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
267
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
268 .. _recommended setting of 1,300,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
269
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
270 jQuery updated with updates to user.help.html (recommended)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
271 -----------------------------------------------------------
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
272
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
273 The devel and responsive templates shipped with an old version of
7275
c5d01886b27d fix mispelling.
John Rouillard <rouilj@ieee.org>
parents: 7217
diff changeset
274 jQuery. According to automated tests, it may have a security issue. It
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
275 has been updated to the current version: 3.6.3. If your tracker is
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
276 based on one of these templates (see the ``TEMPLATE-INFO.txt`` file in
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
277 your tracker), remove the old ``html/jquery.js`` file from your
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
278 tracker and copy the new ``jquery-3.6.3.js`` file from the template
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
279 directory to your tracker's ``html`` directory. Also copy in the new
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
280 ``user.help.html`` file. It now references the new ``jquery-3.6.3.js``
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
281 file.
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
282
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
283
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
284 Session/OTK data storage using Redis (optional)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
285 -----------------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
286
6819
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
287 You can store your ephemeral data in a Redis database. This
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
288 provides significantly better performance for ephemeral data
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
289 than SQLite or dbm files. See the section `Using Redis for
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
290 Session Databases`_ in the `administration guide`_
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
291
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
292
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
293 .. _Using Redis for Session Databases:
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
294 admin_guide.html#using-redis-for-session-databases
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
295
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
296 New SQLite databases created with WAL mode journaling (optional)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
297 ----------------------------------------------------------------
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
298
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
299 By default, SQLite databases use a rollback journal when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
300 writing an update. The rollback journal stores a copy of the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
301 data from before the update. One downside of this is that
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
302 all reads have to be suspended while a write is
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
303 occurring. SQLite has an alternate way of insuring ACID
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
304 compliance by using a WAL (write ahead log) journal.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
305
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
306 Version 2.3.0 of Roundup, creates new SQLite databases using
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
307 WAL journaling. With WAL, a writer does not block readers
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
308 and readers do not block writing an update. This keeps
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
309 Roundup accessible even under a heavy write load (e.g. when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
310 bulk loading data or automated updates via REST).
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
311
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
312 If you want to convert your existing SQLite db to WAL mode:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
313
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
314 1. check the current journal mode on your database
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
315 using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
316
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
317 sqlite3 <tracker_home>/db/db "pragma journal_mode;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
318
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
319 2. If it returns ``delete``, change it to WAL mode using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
320
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
321 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
322
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
323 3. verify by running the command in step 1 again and you
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
324 should get ``wal``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
325
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
326 If you are using SQLite for session and otk databases,
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
327 perform the same steps replacing ``db`` with ``db-session``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
328 and ``db-otk``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
329
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
330 If you find WAL mode is not working for you, you can set the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
331 journal method to a rollback journal (``delete`` mode) by
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
332 using step 2 and replacing ``wal`` with ``delete``. (Note:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
333 SQLite supports other journaling modes, but only ``wal`` and
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
334 ``delete`` persist. Roundup doesn't set a journaling mode
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
335 when it opens the database, so options such as ``truncate``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
336 are not used.)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
337
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
338 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
339 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
340
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
341 Change in processing allowed_api_origins setting (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
342 -------------------------------------------------------
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
343
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
344 In this release you can use both ``*`` (as the first origin) and
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
345 explicit origins in the `allowed_api_origins`` setting in
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
346 ``config.ini``. (Before it was only one or the other.)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
347
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
348 You do not need to use ``*``. If you do, it allows any client
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
349 anonymous (unauthenticated) access to the Roundup tracker. This
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
350 is the same as browsing the tracker without logging in. If they
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
351 try to provide credentials, access to the data will be denied by
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
352 `CORS`_.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
353
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
354 If you include explicit origins (e.g. \https://example.com),
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
355 users from those origins will not be blocked if they use
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
356 credentials to log in.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
357
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
358 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
359
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
360 Change in processing of In-Reply_to email header (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
361 -------------------------------------------------------
6941
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
362
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
363 Messages received via email usually include a ``[issue23]``
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
364 designator in the subject line. This indicates what issue is
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
365 being updated. If the designator is missing, Roundup tries
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
366 to find the correct issue by using the in-reply-to email
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
367 header.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
368
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
369 The former code appends the new message to the first issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
370 found with a message matching the in-reply-to
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
371 header. Usually a message is associated with only one
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
372 issue. However nothing in Roundup requires that.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
373
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
374 In this release, the in-reply-to matching is disabled if
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
375 there are multiple issues with the same message. In this
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
376 case, subject matching is used to try to find the matching
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
377 issue.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
378
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
379 If you don't have messages assigned to multiple issues you
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
380 will see no change. If you do have multi-linked messages
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
381 this will hopefully result in better message->issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
382 matching.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
383
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
384 .. index:: Upgrading; 2.1.0 to 2.2.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
385
6698
b56bd672ebbf formatting changes
John Rouillard <rouilj@ieee.org>
parents: 6688
diff changeset
386 Migrating from 2.1.0 to 2.2.0
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
387 =============================
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
388
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
389 Update your ``config.ini`` (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
390 -------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
391
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
392 Upgrade tracker's config.ini file. Use::
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
393
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
394 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
395
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
396 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
397 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
398 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
399 ``config.ini`` with ``newconfig.ini``.
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
400
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
401 Rdbms version change from 6 to 7 (required)
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
402 -------------------------------------------
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
403
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
404 This release includes two changes that require updates to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
405 schema:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
406
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
407 1. The size of words included in the Roundup FTS indexers have been
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
408 increased from 25 to 50. This requires changes to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
409 columns used by the native indexer. This also affect the whoosh
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
410 and xapian indexers.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
411 2. Some databases that include native full-text search (native-fts
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
412 indexer) searching are now supported.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
413
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
414 You should run the ``roundup-admin -i <tracker_home> migrate`` command
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
415 for all your trackers once you've installed the latest codebase.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
416
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
417 Do this before you use the web, command-line or mail interface
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
418 and before any users access the tracker.
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
419
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
420 If successful, this command will respond with either "Tracker
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
421 updated" (if you've not previously run it on an RDBMS backend) or
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
422 "No migration action required" (if you have run it, or have used
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
423 another interface to the tracker, or are using anydbm).
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
424
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
425 See `below if you want to enable native-fts searching`_.
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
426
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
427 .. _below if you want to enable native-fts searching: \
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
428 #enhanced-full-text-search-optional
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
429
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
430 The increase in indexed word length also affects whoosh and xapian
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
431 backends. You may want to run ``roundup-admin -i tracker_home
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
432 reindex`` if you want to index or search for longer words in your full
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
433 text searches. Re-indexing make take some time.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
434
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
435 Check new login_empty_passwords setting (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
436 --------------------------------------------------
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
437
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
438 In this version of Roundup, users with a blank password are not
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
439 allowed to login. Blank passwords have been allowed since 2002, but
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
440 2022 is a different time. If you have a use case that requires a user
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
441 to login without a password, set the ``login_empty_passwords`` setting
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
442 in the ``web`` section of ``config.ini`` to ``yes``. In
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
443 general this should be left at its default value of ``no``.
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
444
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
445 Check allowed_api_origins setting (optional)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
446 --------------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
447
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
448 If you are using the REST or xmlrpc api's from an origin
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
449 that is different from your roundup tracker, you will need
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
450 to add your allowed origins to the allowed_api_origins in
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
451 your updated ``config.ini``. Upgrade your ``config.ini`` as
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
452 described above then read the documentation for the setting
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
453 in ``config.ini``.
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
454
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
455 Check compression settings (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
456 -------------------------------------
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
457
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
458 Read the `administration guide`_ section on `Configuring Compression`_.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
459
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
460 Upgrade your tracker's config.ini as described
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
461 above. Compare the old and new files and configure new
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
462 compression settings as you want. Then replace
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
463 ``config.ini`` with the ``newconfig.ini`` file.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
464
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
465 Search added to user index page (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
466 ------------------------------------------
6464
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
467
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
468 A search form and count of number of hits has been added to the
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
469 ``user.index.html`` template page in the classic template. You may
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
470 want to merge the search form and footer into your template.
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
471
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
472 Enhanced full-text search (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
473 ------------------------------------
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
474
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
475 SQLite's `FTS5 full-text search engine`_ is available as is
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
476 `PostgreSQL's full text search`_. Both require a schema upgrade so you
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
477 should run::
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
478
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
479 roundup-admin -i tracker_home migrate
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
480
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
481 to create FTS specific tables before restarting the roundup-web or
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
482 email interfaces.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
483
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
484 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
485 When using SQLite, all full text search fields will allow searching
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
486 using the MATCH query format described at:
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
487 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
488 PostgreSQL either the websearch_to_tsquery or to_tsquery formats
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
489 described on
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
490 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
491 can be used. The default is websearch. Prefixing the search with
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
492 ``ts:`` enables tsquery mode.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
493
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
494 A list of words behaves almost the same as the default text search
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
495 (`native`). So the search string `fts search` will find all issues
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
496 that have both of those words (an AND search) in a text-field (like
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
497 title) or in a message (or file) attached to the issue.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
498
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
499 One thing to note is that native-fts searches do not ignore words
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
500 longer than 50 characters or less than 2 characters. Also SQLite does
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
501 not filter out common words (i.e. there is no stopword list). So words
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
502 like "and", "or", "then", "with" ... are included in the FTS5 search.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
503
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
504 You must explicitly enable this search mechanism by changing the
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
505 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
506 must be explicitly chosen. This is different from Xapian or Whoosh
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
507 indexers, which are chosen if they are installed in the Python
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
508 environment. This prevents the existing native indexing from being
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
509 discarded if ``indexer`` is not set.
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
510
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
511 Next re-index your data with ``roundup-admin -i tracker_home
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
512 reindex``. This can take a while depending on the size of the tracker.
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
513
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
514 You may want to update your ``config.ini`` by following the directions
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
515 above to get the latest documentation.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
516
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
517 See the `administration guide notes on native-fts`_ for further details.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
518
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
519 Adding error reporting templates (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
520 -------------------------------------------
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
521
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
522 Currently some internal errors result in a bare html page with an
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
523 error message. The usual chrome supplied by page.html is not shown.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
524 For example query language syntax errors for full text search methods
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
525 will display a bare HTML error page.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
526
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
527 If you add an ``_generic.400.html`` template to the html directory, you
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
528 can display the error inside of the layout provided by the ``page.html``
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
529 template. This can make fixing the error and navigation easier. You
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
530 can use the ``_generic.404.html`` template to create a
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
531 ``_generic.400.html`` by modifying the title and body text. You can test
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
532 the 400 template by appending ``@template=400`` to the url for the
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
533 tracker.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
534
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
535 Change passwords using crypt module (optional)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
536 ----------------------------------------------
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
537
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
538 The crypt module is being removed from the standard library. Any
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
539 stored password using crypt encoding will fail to verify once the
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
540 crypt module is removed (expected in Python 3.13 see `pep-0594
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
541 <https://peps.python.org/pep-0594/>`_). Automatic migration of
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
542 passwords (if enabled in config.ini) re-encrypts old passwords using
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
543 something other than crypt if a user logs in using the web interface.
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
544
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
545 You can find users with passwords still encrypted using crypt by
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
546 running::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
547
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
548 roundup-admin -i <tracker_home> table password,id,username
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
549
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
550 Look for lines starting with ``{CRYPT}``. You can reset the user's
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
551 password using::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
552
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
553 roundup-admin -i <tracker_home>
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
554 roundup> set user16 password=somenewpassword
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
555
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
556 changing ``16`` to the id in the second column of the table output.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
557 The example uses interactive mode (indicated by the ``roundup>``
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
558 prompt). This prevents the new password from showing up in the output
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
559 of ps or shell history. The new password will be encrypted using the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
560 default encryption method (usually pbkdf2).
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
561
6747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
562 Enable performance improvement for wsgi mode (optional)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
563 -------------------------------------------------------
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
564
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
565 There is an experimental wsgi performance improvement mode that caches
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
566 the loaded roundup instance. This eliminates disk reads that are
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
567 incurred on each connection. In one report it improves speed by a
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
568 factor of 2 to 3 times. To enable this you should add a feature flag
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
569 to your Roundup wsgi wrapper (see the file
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
570 ``.../share/frontends/wsgi.py``) so it looks like::
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
571
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
572 feature_flags = { "cache_tracker": "" }
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
573 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
574
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
575 to enable this mode. Note that this is experimental and was added
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
576 during the 2.2.0 beta period, so it is enabled using a feature flag.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
577 If you use this and it works for you please followup with an email to
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
578 the roundup-users at lists.sourceforge.net mailing list so we can
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
579 enable it by default in a future release.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
580
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
581
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
582 Hide submit button during readonly use of _generic.item.html (optional)
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
583 -----------------------------------------------------------------------
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
584
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
585 The submit button in _generic.item.html always shows up even when the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
586 user doesn't have edit perms. Change the ``context/submit`` html to
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
587 read::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
588
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
589 <td colspan=3 tal:content="structure context/submit"
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
590 tal:condition="context/is_edit_ok">
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
591
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
592 in your TAL based templates. The ``jinja2`` based templates are
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
593 missing this file, but if you implemented one you want to surround the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
594 jinja2 code with::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
595
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
596 {% if context.is_edit_ok() %}
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
597 <submit button code here>
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
598 {% endif %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
599
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
600
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
601 .. index:: Upgrading; 2.0.0 to 2.1.0
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
602
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
603 Migrating from 2.0.0 to 2.1.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
604 =============================
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
605
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
606 Rdbms version change from 5 to 6 (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
607 -------------------------------------------
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
608
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
609 To fix an issue with importing databases, the database has to be
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
610 upgraded for rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
611
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
612 You should run the ``roundup-admin migrate`` command for your
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
613 tracker once you've installed the latest codebase.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
614
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
615 Do this before you use the web, command-line or mail interface
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
616 and before any users access the tracker.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
617
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
618 If successful, this command will respond with either "Tracker
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
619 updated" (if you've not previously run it on an RDBMS backend) or
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
620 "No migration action required" (if you have run it, or have used
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
621 another interface to the tracker, or are using anydbm).
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
622
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
623 This only changes the schema for the mysql backend. It has no
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
624 effect other than upgrading the revision on other rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
625
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
626 On the mysql backend it creates the database index that makes
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
627 sure the key field for your class is unique.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
628
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
629 If your update/migration fails, you will see an::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
630
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
631 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'")
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
632
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
633 it means you have two non-retired members of the class with the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
634 same key field. E.G. two non-retired users with the same
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
635 username.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
636
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
637 Debug this using roundup-admin using the list command. For
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
638 example dump the user class by the key field ``username``::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
639
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
640 $ roundup-admin -i <tracker_home> list user username
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
641 1: admin
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
642 2: anonymous
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
643 3: demo
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
644 4: agent
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
645 5: provisional
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
646 6: foo@example.com
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
647 7: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
648 8: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
649 ...
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
650
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
651 then search the usernames for duplicates. Once you have
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
652 identified the duplicate username (``dupe`` above), you should
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
653 retire the other active duplicates or change the username for the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
654 duplicate. To retire ``7: dupe``, you run::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
655
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
656 roundup-admin -i <tracker_home> retire user7
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
657
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
658 (use ``restore user7`` if you retired the wrong item). If you
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
659 want to rename the entry use::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
660
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
661 roundup-admin -i <tracker_home> set user7 username=dupe1
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
662
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
663 Keep doing this until you have no more duplicates. Then run the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
664 update/migrate again.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
665
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
666 If you have duplicate non-retired entries in your database,
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
667 please email roundup-users at lists.sourceforge.net. We are
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
668 interested in how many issues this has caused. Duplicate creation
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
669 should occur only when two or more mysql processes run in
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
670 parallel and both of them creating an item with the same key. So
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
671 this should be a rare event. The internal duplicate prevention
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
672 checks should work in other cases.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
673
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
674 For the nerds: if you had a new installation that was created at
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
675 version 5, the uniqueness of a key was not enforced at the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
676 database level. If you had a database that was at version 4 and
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
677 then upgraded to version 5 you have the uniqueness enforcing
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
678 constraint. Running migrate updates to schema version 6 and installs
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
679 the unique index constraint if it is missing.
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
680
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
681 Setuptools is now required to install (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
682 --------------------------------------------
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
683
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
684 Roundup install now uses setuptools rather than distutils. You must
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
685 install setuptools. Use the version packgaged by your OS vendor. If
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
686 your OS vendor doesn't supply setuptools use ``pip install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
687 setuptools``. (You may need pip3 rather than pip if using python3.)
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
688
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
689 Define Authentication Header (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
690 ---------------------------------------
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
691
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
692 The web server in front of roundup (apache, nginx) can perform user
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
693 authentication. It can pass the authenticated username to the backend
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
694 in a variable. By default roundup looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
695 variable. This can be changed by setting the parameter
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
696 ``http_auth_header`` in the ``[web]`` section of the tracker's
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
697 ``config.ini`` file to a different value. The value is case sensitive.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
698 If the value is unset (the default) the REMOTE_USER variable is used.
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
699
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
700 If you are running roundup using ``roundup-server`` behind a proxy
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
701 that authenticates the user you need to configure ``roundup-server``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
702 to pass the HTTP header with the authenticated username to the
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
703 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
704 header for the authenticated user. You can copy an arbitrary header
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
705 variable to the tracker using the ``-I`` option to roundup-server (or
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
706 the equivalent option in the roundup-server config file).
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
707
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
708 For example to use the ``uid_variable`` header, two configuration
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
709 changes are needed: First configure ``roundup-server`` to pass the
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
710 header to the tracker using::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
711
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
712 roundup-server -I uid_variable ....
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
713
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
714 note that the header is passed exactly as supplied by the upstream
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
715 server. It is **not** prefixed with ``HTTP_`` like other headers since
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
716 you are explicitly allowing the header. Multiple comma separated
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
717 headers can be passed to the ``-I`` option. These could be used in a
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
718 detector or other tracker extensions, but only one header can be used
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
719 by the tracker as an authentication header.
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
720
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
721 To make the tracker honor the new variable changing the tracker
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
722 ``config.ini`` to read::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
723
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
724 [web]
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
725 ...
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
726 http_auth_header = uid_variable
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
727
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
728 At the time this is written, support is experimental. If you use it
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
729 you should notify the roundup maintainers using the roundup-users
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
730 at lists.sourceforge.net mailing list.
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
731
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
732 Classname Format Enforced (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
733 --------------------------------
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
734
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
735 Check schema.py and look at all Class(), IssueClass(), FileClass()
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
736 calls. The second argument is the classname. All classnames must:
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
737
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
738 * start with an alphabetic character
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
739 * consist of alphanumerics and '_'
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
740 * not end with a digit
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
741
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
742 this was not enforced before. Using non-standard classnames could lead
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
743 to other issues.
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
744
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
745 jQuery updated with updates to user.help.html (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
746 -----------------------------------------------------------
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
747
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
748 The devel and responsive templates shipped with an old version of
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
749 jQuery with some security issues. It has been updated to the current
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
750 version: 3.5.1. If your tracker is based on one of these templates
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
751 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
752 ``html/jquery.js`` file from your tracker and copy the new
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
753 ``jquery-3.5.1.js`` file from the template directory to your tracker's
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
754 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
755 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
756 prevented applying the change from the helper to the field on the main
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
757 form.
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
758
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
759 Roundup-admin security stops on incorrect properties (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
760 -----------------------------------------------------------
6393
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
761
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
762 The ``roundup-admin ... security`` command used to continue
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
763 running through the rest of the security roles after reporting a
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
764 property error. Now it stops after reporting the incorrect property.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
765
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
766 If run non-interactively, it exits with status 1. It can now be
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
767 used in a startup script to detect permission errors.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
768
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
769 Futureproof devel and responsive timezone selection extension (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
770 ---------------------------------------------------------------------------
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
771
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
772 The devel and responsive (derived from devel) templates use a select
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
773 control to list all available timezones when pytz is used. It
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
774 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
775 removed in newer pythons. Change your ``extensions/timezone.py``
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
776 file by applying the following patch manually::
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
777
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
778
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
779 -import cgi
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
780 +try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
781 + from html import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
782 +except ImportError:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
783 + from cgi import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
784
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
785 try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
786 import pytz
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
787 @@ -25,7 +28,7 @@
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
788 s = ' '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
789 if zone == value:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
790 s = 'selected=selected '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
791 - z = cgi.escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
792 + z = escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
793
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
794 See https://issues.roundup-tracker.org/issue2551136 for more details.
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
795
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
796 .. index:: Upgrading; 1.6.x to 2.0.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
797
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
798 Migrating from 1.6.X to 2.0.0
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
799 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
800
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
801 .. index:: roundup-admin; updateconfig subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
802
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
803
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
804 Python 2 MYSQL users MUST READ (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
805 -----------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
806
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
807 To fix issues with encoding of data and text searching, roundup now
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
808 explicitly sets the database connection character set. Roundup prior
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
809 to 2.0 used the default character set which was not always utf-8. All
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
810 roundup data is manipulated in utf-8. This mismatch causes issues with
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
811 searches and result in corrupted data in the database if it was not
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
812 properly represented across the charset conversions.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
813
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
814 This issue exists when running roundup under python 2. Note that there
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
815 are more changes required for running roundup 2.0 if you choose to use
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
816 python3. See `Python 3 support`_.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
817
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
818 In an upgraded ``config.ini`` (see next section) the ``[rdbms]``
6333
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
819 section has a key ``mysql_charset`` set by default to ``utf8mb4``.
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
820
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
821 It should be possible to change ``utf8mb4`` to any mysql charset. So
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
822 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf,
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
823 or the default charset for the database) you can set it in
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
824 ``config.ini`` and not need to covert the database. However the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
825 underlying issues with misconverted data and bad searches will still
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
826 exist if they did before.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
827
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
828 None of the roundup developers run mysql, so the exact steps to take
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
829 during the upgrade were tested with test and not production databases.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
830
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
831 **Before doing anything else:**
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
832
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
833 Backup the mysql database using mysql dump or other mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
834 supported tool.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
835
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
836 Backup roundup using your current backup tool and take the roundup
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
837 instance offline.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
838
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
839 Then the following steps (similar to the conversion in needed for
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
840 Python 3) should work:
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
841
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
842 1. Export the tracker database
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
843 using your **current** 1.6 instance::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
844
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
845 roundup-admin -i <trackerdir> exporttables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
846
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
847 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
848
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
849 2. Import the exported database using the **new** 2.0 roundup::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
850
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
851 roundup-admin -i <trackerdir> importtables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
852
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
853 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
854
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
855 The imported data should overwrite the original data. Note it is
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
856 critically important that the ``exporttables`` be done with the *old
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
857 tracker* and the ``importtables`` be done with the *new tracker*. An
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
858 import/export cycle between roundup 1.6.0 and roundup 2.0 has been
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
859 done successfully. So the export format for 1.6 and 2.0 should be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
860 compatible.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
861
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
862 Note that ``importtables`` is new in roundup-2.0, so you will not be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
863 able to import the result of ``exporttables`` using any 1.x version of
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
864 roundup.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
865
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
866 Following the same sequence as above using ``export`` and ``import``
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
867 should also work, but it will export all the files and messages. This
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
868 will take longer but may be worth trying if the ``exporttables`` and
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
869 ``importtables`` method fails for some reason.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
870
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
871 Another way that should be faster, but is untested is to use mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
872 dump to dump the database.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
873 https://makandracards.com/makandra/595-dumping-and-importing-from-to-mysql-in-an-utf-8-safe-way
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
874 recommends::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
875
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
876 Note that when your MySQL server is not set to UTF-8 you need to do
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
877 mysqldump --default-character-set=latin1 (!) to get a correctly
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
878 encoded dump. In that case you will also need to remove the SET
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
879 NAMES='latin1' comment at the top of the dump, so the target machine
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
880 won't change its UTF-8 charset when sourcing.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
881
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
882 Then import the dump. Removing ``SET NAMES`` should allow the import
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
883 to use UTF-8.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
884
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
885 Please report success or issues with this conversion to the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
886 roundup-users AT lists.sourceforge.net mailing list.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
887
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
888 As people report successful or unsuccessful conversions, we will update
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
889 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
890
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
891 Upgrade tracker's config.ini file (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
892 -----------------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
893
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
894 Once you have installed the new roundup, use::
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
895
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
896 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
897
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
898 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
899 merge any local comments from the tracker's ``config.ini`` into
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
900 ``newconfig.ini``. Compare the old and new files and configure any new
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
901 settings as you want. Then replace ``config.ini`` with the
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
902 ``newconfig.ini`` file.
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
903
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
904 .. _Python 3 support:
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
905
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
906 Python 3 support (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
907 -----------------------
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
908
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
909 Many of the ``.html`` and ``.py`` files from Roundup that are copied
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
910 into tracker directories have changed for Python 3 support. If you
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
911 wish to move an existing tracker to Python 3, you need to merge in
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
912 those changes. Also you need to make sure that locally created python
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
913 code in the tracker is correct for Python 3.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
914
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
915 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
916 need to export the tracker contents using ``roundup-admin export``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
917 running under Python 2, and them import them using ``roundup-admin
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
918 import`` running under Python 3. This is detailed in the documention
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
919 for migrating to a different backend. If using the ``sqlite`` backend,
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
920 you do not need to export and import, but need to delete the
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
921 ``db/otks`` and ``db/sessions`` files when changing Python version.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
922 If using the ``postgresql`` backend, you do not need to export and
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
923 import and no other special database-related steps are needed.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
924
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
925 If you use the whoosh indexer, you will need to reindex. It looks like
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
926 a database created with Python 2 leads to Unicode decode errors when
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
927 accessed by Python 3. Reindexing can take a while (see details below
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
928 look for "reindexing").
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
929
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
930 Octal values in config.ini change from the Python 2 representation
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
931 with a leading ``0`` (``022``). They now use a leading ``0o``
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
932 (``0o22``). Note that the ``0o`` format is properly handled under
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
933 python 2. You can use the ``newconfig.ini`` generated using ``python3
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
934 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
935 back to using python 2. (Note going back to Python 2 will require
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
936 the same steps as moving from 2 to 3 except using Python 3 to perform
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
937 the export.)
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
938
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
939 Rate Limit New User Registration (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
940 ---------------------------------------
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
941
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
942 The new user registration form can be abused by bots to allow
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
943 automated registration for spamming. This can be limited by using the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
944 new ``config.ini`` ``[web]`` option called
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
945 ``registration_delay``. The default is 4 and is the number of seconds
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
946 between the time the form was generated and the time the form is
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
947 processed.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
948
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
949 If you do not modify the ``user.register.html`` template in your
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
950 tracker's html directory, you *must* set this to 0. Otherwise you will
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
951 see the error:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
952
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
953 Form is corrupted, missing: opaqueregister.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
954
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
955 If set to 0, the rate limit check is disabled.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
956
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
957 If you want to use this, you can change your ``user.register.html``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
958 file to include::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
959
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
960 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()">
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
961
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
962 The hidden input field can be placed right after the form declaration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
963 that starts with::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
964
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
965 <form method="POST" onSubmit="return submit_once()"
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
966
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
967 If you have applied Erik Forsberg's tracker level patch to implement
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
968 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
969 can back the code out of the tracker. You must change the name of the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
970 field in the html template to ``opaqueregistration`` from ``opaque``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
971 in order to use the core code.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
972
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
973 PGP mail processing (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
974 ------------------------------
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
975
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
976 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
977 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
978 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
979
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
980 MySQL client module (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
981 ---------------------------------
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
982
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
983 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
984 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
985 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
986 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
987
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
988 XMLRPC Access Role (info/required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
989 ----------------------------------
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
990
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
991 A new permission has been added to control access to the XMLRPC
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
992 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
993 they will not be able to log in using the /xmlrpc end point. To add
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
994 this new permission to the "User" role you should change your
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
995 tracker's schema.py and add::
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
996
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
997 db.security.addPermissionToRole('User', 'Xmlrpc Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
998
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
999 This is usually included near where other permissions like "Web Access"
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1000 or "Email Access" are assigned.
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1001
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1002 New values for db.tx_Source (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1003 ----------------------------------
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1004
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1005 The database attribute tx_Source reports "xmlrpc" and "rest" when the
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1006 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1007 detectors, lib) in trackers looking for tx_Source. If you have code
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1008 like::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1009
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1010 if db.tx_Source == "web":
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1011
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1012 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1013
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1014 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1015
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1016 you may need to change these to include matches to "rest" and
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1017 "xmlrpc". For example::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1018
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1019 if db.tx_Source in [ "web", "rest", "xmlrpc" ]
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1020
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1021 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1022
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1023 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1024
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1025
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1026 CSV export changes (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1027 -------------------------
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1028
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1029 The original Roundup CSV export function for indexes reported id
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1030 numbers for links. The wiki had a version that resolved the id's to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1031 names, so it would report ``open`` rather than ``2`` or
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1032 ``user2;user3`` rather than ``[2,3]``.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1033
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1034 Many people added the enhanced version to their extensions directory.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1035
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1036 The enhanced version was made the default in roundup 2.0. If you want
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1037 to use the old version (that returns id's), you can replace references
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1038 to ``export_csv`` with ``export_csv_id`` in templates.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1039
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1040 Both core csv export functions have been changed to force quoting of
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1041 all exported fields. To incorporate this change in any CSV export
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1042 extension you may have added, change references in your code from::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1043
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1044 writer = csv.writer(wfile)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1045
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1046 to::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1047
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1048 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1049
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1050 this forces all (non-numeric) fields to be quoted and empty quotes to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1051 be added for missing parameters.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1052
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1053 This turns exported values that may look like formulas into strings so
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1054 some versions of Excel won't try to interpret them as a formula.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1055
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1056 Update userauditor.py to restrict usernames (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1057 ---------------------------------------------------------
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1058
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1059 A username can be created with embedded commas and < and >
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1060 characters. Even though the < and > are usually escaped when
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1061 displayed, the embedded comma makes it difficult to edit lists of
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1062 users as they are comma separated.
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1063
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1064 If you have not modified your tracker's userauditor.py, you can just
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1065 copy the userauditor.py from the classic template into your tracker's
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1066 detectors directory. Otherwise merge the changes from the template
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1067 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1068 helpful.
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1069
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1070 Consider reindexing if you use European languages (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1071 ---------------------------------------------------------------
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1072
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1073 A couple of bugs dealing with incorrect indexing of European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1074 (Russian and German were reported) have been fixed. Note reindexing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1075 all your data may take a long time. See:
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1076 https://issues.roundup-tracker.org/issue1195739 and
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1077 https://issues.roundup-tracker.org/issue1344046 for a description of
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1078 the problem. If you determine that this a problem for your tracker,
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1079 you can use::
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1080
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1081 roundup-admin -i /path/to/tracker reindex
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1082
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1083 to rewrite your full text indexes. The tracker used for reindex timing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1084 had 140MB of file/message data and 2500 issues with a slow 5400RPM
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1085 SATA drive. Using native indexing with sqlite took about 45
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1086 minutes. Using whoosh took about 2 hours. Using xapian took about 6
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1087 hours. All examples were with Python 2. Anecdotal evidence shows
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1088 Python 3 is faster, but YMMV.
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1089
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1090 Merge improvements in statusauditor.py (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1091 -------------------------------------------------
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1092
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1093 By default the detector statusauditor.py will change the status from
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1094 "unread" to "chatting" when a second message is added to an issue.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1095 The distributed classic and jinja templates implement this feature in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1096 their copies of ``detectors/statusauditor.py``.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1097
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1098 This can be a problem. Consider a person sending email to create an
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1099 issue. Then the person sends a followup message to add some additional
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1100 information to the issue. The followup message will trigger the status
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1101 change from "unread" to "chatting". This is misleading since the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1102 person is "chatting" with themselves.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1103
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1104 Statusauditor.py has been enhanced to prevent the status from changing
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1105 to "chatting" until a second user (person) adds a message. If you
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1106 want this functionality, you need to merge the distributed
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1107 statusauditor.py with your tracker's statusauditor.py. If you have not
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1108 customized your tracker's statusauditor.py, copy the one from the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1109 distibuted template. In addition to the python file, you also must
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1110 copy/merge the distributed ``detectors/config.ini`` into your
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1111 tracker's detectors directory. Most people can copy
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1112 ``detectors/config.ini`` from the distributed templates as they won't
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1113 have a ``detectors/config.ini`` file. (Note this is
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1114 ``detectors/config.ini`` do not confuse it with the main
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1115 ``config.ini`` file at the root of the tracker home.)
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1116
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1117 This enhancement is disabled by default. Enable it by changing the
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1118 value in ``detectors/config.ini`` from::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1119
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1120 chatting_requires_two_users = False
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1121
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1122 to::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1123
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1124 chatting_requires_two_users = True
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1125
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1126 (the values ``no`` and ``yes`` can also be used). Restart the tracker
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1127 to enable the change.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1128
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1129 If you don't do this quite right you will see one of two error
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1130 messages in the web interface when you try to update an issue with a
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1131 message::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1132
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1133 Edit Error: Unsupported configuration option: Option
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1134 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1135 detectors/config.ini.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1136 Contact tracker admin to fix.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1137
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1138 This happens if detectors/config.ini is not found or is missing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1139 ``chatting_requires_two_users`` option in the ``statusauditor``
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1140 section.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1141
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1142 If you have an incorrect value (say you use ``T`` rather than
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1143 ``True``) you see a different error::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1144
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1145 Edit Error: Invalid value for
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1146 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1147 Allowed values: yes, no
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1148
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1149 to fix this set the value to ``yes`` (True) or ``no`` (False).
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1150
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1151 Responsive template changes (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1152 --------------------------------------
5990
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1153
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1154 There have been some changes to the responsive template. You can
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1155 diff/merge these changes into your responsive template based tracker.
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1156
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1157 Jinja template changes (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1158 ---------------------------------
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1159
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1160 Auto escaping has been enabled in the jinja template engine, this
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1161 means it is no longer necessary to manually escape dynamic strings
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1162 with ``|e``, but strings that should not be escaped need to be marked
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1163 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1164 extension has been enabled and the template has been updated to use
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1165 the extension for translatable text instead of explicit ``i18n.gettext``
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1166 calls::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1167
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1168 {% trans %}List of issues{% endtrans %}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1169
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1170 instead of::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1171
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1172 {{ i18n.gettext('List of issues')|u }}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1173
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1174 The jinja template has been upgraded to use bootstrap 4.1.3 (from
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1175 2.2.2). You can diff/merge changes into your jinja template based
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1176 tracker.
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1177
5994
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1178 Also search _generic.index.html, navigation.html and file.index.html
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1179 in the html directory of your tracker. Look for::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1180
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1181 <input type="hidden" name="@action"
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1182
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1183 where the value is a jinja expression that calls i18n.gettext. Set the
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1184 value to the argument of the gettext call. E.G. replace::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1185
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1186 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1187
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1188 with::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1189
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1190 <input type="hidden" name="@action" value="editCSV">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1191
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1192 The action keywords should not be translated.
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1193
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1194 .. index:: Upgrading; 1.5.1 to 1.6.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1195
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1196 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1197 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1198
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1199 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1200 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1201
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1202 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1203 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1204
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1205 1. backup your existing ``config.ini`` file
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1206 2. using the newly installed code, run::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1207
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1208 roundup-admin -i /path/to/tracker updateconfig config.ini.new
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1209
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1210 to create the file config.ini.new. Replace
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1211 ``/path/to/tracker`` with the path to your tracker.
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1212 3. replace your tracker's config.ini with config.ini.new
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1213
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1214 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1215 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1216 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1217
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1218 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1219 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1220 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1221
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1222 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1223 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1224 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1225
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1226 Make sure that user can view labelprop on classes (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1227 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1228
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1229 If you have View permissions that use ```properties=...```,
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1230 make sure that the labelprop for the class is listed in the
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1231 properties list.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1232
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1233 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1234
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1235 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1236 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1237 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1238 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1239
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1240 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1241
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1242 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1243
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1244 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1245 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1246
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1247 See:
6265
b2eb59ada444 Replace http:....roundup-tracker.org with https. Also fix wiki links.
John Rouillard <rouilj@ieee.org>
parents: 6248
diff changeset
1248 https://www.roundup-tracker.org/docs/customizing.html#setlabelprop-property
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1249 for further details on the labelprop.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1250
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1251 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1252 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1253 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1254 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1255
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1256 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1257 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1258
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1259 .. _cross site request forgery detection added:
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1260
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1261 Cross Site Request Forgery Detection Added (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1262 --------------------------------------------------------
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1263
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1264 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1265
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1266 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1267 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1268 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1269
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1270 1. Analyze the ``Referer`` HTTP header to make sure it
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1271 includes the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1272 2. Analyze the ``Origin`` HTTP header to make sure the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1273 schema://host matches the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1274 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1275 running in front of roundup to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1276 the host part of the web setting.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1277 4. Analyze the ``Host`` header to make sure it agrees with
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1278 the host part of the web setting. This is not done if
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1279 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1280
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1281 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1282 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1283 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1284 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1285 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1286 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1287 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1288
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1289 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1290 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1291 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1292 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1293 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1294 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1295 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1296
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1297 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1298 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1299 the standard submit routine, you should add the following field to all
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1300 forms::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1301
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1302 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1303 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1304
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1305 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1306 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1307 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1308 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1309 automatically prune old tokens. Calling anti_csrf_nonce with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1310 an integer lifetime, for example::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1311
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1312 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1313 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1314
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1315 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1316
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1317 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1318 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1319 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1320 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1321 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1322
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1323 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1324 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1325 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1326 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1327 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1328 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1329
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1330 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1331 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1332 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1333
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1334 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1335 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1336
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1337 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1338 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1339 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1340
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1341 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1342 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1343 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1344
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1345 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1346
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1347 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1348 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1349 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1350 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1351
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1352 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1353 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
1354 When performing and xmlrpc call, if you see something like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1355
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1356 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1357 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1358
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1359 change the setting of csrf_enforce_header_x-requested-with in
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
1360 config.ini to no. So it looks like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1361
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1362 csrf_enforce_header_x-requested-with = no
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1363
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1364 Alternatively change your xmlrpc client to add appropriate headers to
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1365 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1366
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1367 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1368
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1369 header as well as any other required csrf headers (e.g. referer, origin)
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1370 configured in config.ini. See the advanced python client at the end of
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1371 the `xmlrpc guide`_.
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1372
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1373 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1374 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1375
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1376 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1377 has been added. By default it is set to lax to provide a better user
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1378 experience. But this can be changed to strict or the option can be
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1379 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1380
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1381 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1382 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1383 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1384 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1385
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1386 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1387 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1388
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1389 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1390 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1391
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1392 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1393 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1394 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1395 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1396
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1397 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1398 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1399 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1400 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1401
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1402
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1403 Database back end specified in config.ini (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1404 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1405
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1406 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1407 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1408 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1409 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1410 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1411
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1412 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1413
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1414 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1415
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1416 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1417 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1418 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1419
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1420 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1421 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1422
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1423 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1424 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1425 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1426
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1427 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1428 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1429 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1430
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1431 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1432 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1433
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1434 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1435 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1436 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1437 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1438 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1439
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1440 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1441
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1442 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1443
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1444 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1445 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1446 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1447 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1448 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1449
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1450 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1451 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1452
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1453 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1454 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1455 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1456
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1457 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1458 '''roundup-admin -i /path/to/tracker reindex'''
5752
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1459 to generate a new index using roundup's preferred indexer from the
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1460 list above.
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1461
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1462 Xapian error with flint when reindexing
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1463 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1464 If you reindex and are using xapian, you may get the error that
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1465 "flint" is not supported (looks like flint was removed after xapian
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1466 1.2.x). To fix this, you can delete the full text search database
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1467 located in the tracker home directory in the file '''db/text-index'''
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1468 and then perform a reindex.
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1469
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1470 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1471 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1472
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1473 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1474 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1475 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1476
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1477 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1478 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1479
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1480 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1481 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1482
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1483
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1484 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1485 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1486
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1487 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1488 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1489
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1490 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1491 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1492
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1493 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1494 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1495
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1496 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1497 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1498 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1499 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1500 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1501 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1502 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1503 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1504 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1505 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1506 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1507 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1508 # able to reply.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1509 # Default:
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1510 replyto_address =
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1511
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1512 Login from a search or after logout works better (required)
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1513 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1514
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1515 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1516 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1517 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1518 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1519 assigned to __came_from must be url encoded/quoted and be under the
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1520 tracker's base url. If the base_url uses http, you can set the url to
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1521 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1522
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1523 Replace the existing code in the tracker's html/page.html page that
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1524 looks similar to (look for name="__came_from"):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1525
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1526 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1527 :class: big-code
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1528
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1529 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1530
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1531 with the following:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1532
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1533 .. code:: html
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1534 :class: big-code
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1535
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1536 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1537 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1538 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1539 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1540 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1541 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1542
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1543 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1544 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1545
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1546 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1547
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1548 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1549
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1550 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1551
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1552 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1553
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1554 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1555
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1556 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1557 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1558
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1559 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1560 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1561
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1562 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1563
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1564 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1565
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1566 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1567 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1568
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1569 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1570 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1571
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1572 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1573 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1574 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1575 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1576 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1577 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1578
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1579 To add this to your own tracker, add the following code (prefixed with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1580 a +) after the entry box for the new keyword in html/keyword.item.html:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1581
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1582 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1583 :class: big-code
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1584
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1585 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1586 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1587 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1588 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1589 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1590 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1591 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1592 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1593 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1594 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1595 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1596 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1597 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1598 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1599 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1600 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1601 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1602 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1603
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1604 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1605
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1606 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1607 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1608 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1609 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1610 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1611 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1612 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1613
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1614 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1615 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1616
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1617 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1618 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1619 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1620
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1621 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1622 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1623 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1624
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1625 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1626 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1627 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1628 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1629 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1630 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1631 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1632
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1633 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1634 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1635 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1636 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1637
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1638 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1639
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1640 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1641
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1642 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
1643 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1644
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1645 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1646 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1647 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1648
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1649 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1650 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1651 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1652
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1653 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1654 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1655
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1656 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1657 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1658 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1659 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1660 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1661 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1662 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1663 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1664 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1665
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1666 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1667 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1668
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1669 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1670 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1671 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1672 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1673 you want to change it to match the line starting with the + (remove
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1674 the + from the line):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1675
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1676 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1677 :class: big-code
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1678
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1679 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1680 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1681 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1682 tal:content="qs/name">link</a><br>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1683 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1684
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1685 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1686 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1687 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1688 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1689
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1690 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1691 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1692
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1693 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1694 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1695 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1696
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1697 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1698 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1699
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1700 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1701 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1702 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1703
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1704 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1706
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1707 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1708 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1709 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1710
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1711 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1712 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1713
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1714 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1715
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1716 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1717
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1718 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1719
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1720 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1721 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1722 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1723 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1724 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1725 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1726
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1727 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1728 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1729 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1730 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1731 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1732 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1733 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1734 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1735 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1736 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1737 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1738 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1739 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1740 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1741
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1742 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1743 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1744
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1745 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1746 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1747 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1748
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1749 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1750 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1751 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1752
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1753 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1754 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1755 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1756 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1757 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1758 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1759 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1760
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1761 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1762
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1763 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1764 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1765 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1766 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1767 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1768 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1769
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1770 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1771 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1772 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1773 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1774
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1775 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1776 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1777 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1778 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1779
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1780 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1781 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1782 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1783 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1784
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1785 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1786 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1787
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1788 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1789 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1790 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1791 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1792
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1793 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1794 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1795 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1796 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1797
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1798 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1799 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1800 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1801
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1802 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1803 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1804 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1805
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1806 Enhancement to check command for Permissions
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1807 --------------------------------------------
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1808
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1809 A new form of check function is permitted in permission definitions.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1810 The three argument form is still supported and will work the same
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1811 as it always has (although it may be depricated in the future).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1812
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1813 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1814
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1815 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1816
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1817 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1818 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1819
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1820 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1821 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1822
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1823 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1824 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1825
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1826 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1827
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1828 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1829
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1830 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1831 if not db.issue.get(itemid, 'private'):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1832 # allow access to everything if not private
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1833 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1834
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1835 # It is a private issue hide nosy list
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1836 # Note that the nosy property *must* be listed
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1837 # in permissions argument to the addPermission
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1838 # definition otherwise this check command
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1839 # is not run.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1840 if ctx['property'] == 'nosy':
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1841 return False # deny access to this property
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1842
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1843 # allow access for editing, viewing etc. of the class
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1844 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1845
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1846
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1847 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1848 check=issue_private_access,
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1849 properties=['nosy'],
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1850 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1851
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1852 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1853 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1854 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1855 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1856
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1857 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1858 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1859
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1860 If you create a permission:
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1861
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1862 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1863 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1864 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1865
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1866 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1867 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1868 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1869 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1870
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1871 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1872 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1873 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1874 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
1875
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1876 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1877 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1878
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1879 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1880 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1881 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1882 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1883 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1884 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1885 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1886 existing issue.search.html page, add the following line after the
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
1887 hidden field @old-queryname:
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1888
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1889 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1890
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1891 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1892 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
1893
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1894 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1895 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1896
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1897 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1898 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1899 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1900 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1901
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1902 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1903 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1904 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1905 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1906
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1907 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1908 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1909
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1910 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1911 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1912 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1913 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1914 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1915
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1916 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1917 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1918
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1919 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1920 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1921 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1922 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1923
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1924 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1925 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1926
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1927 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1928 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1929
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1930 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1931 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1932 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1933
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1934 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1935 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1936 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1937 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1938 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
1939
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1940 .. index:: Upgrading; 1.5.0 to 1.5.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
1941
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1942 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1943 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1944
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1945 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1946 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1947
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1948 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1949 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1950 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1951 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1952
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1953 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1954
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1955 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1956
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1957 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1958 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1959 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1960 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1961
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1962 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1963 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
1964 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1965
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1966 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1967 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
1968
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1969 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1970 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1971 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1972 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1973
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1974 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1975
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1976 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1977
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1978 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1979
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1980 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1981
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1982 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1983
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1984 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1985
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1986 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1987
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1988 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1989 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
1990
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1991
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1992 Migrating from older versions
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1993 =============================
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1994
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1995 See the `historical migration <upgrading-history.html>`_ document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
1996
1008
10ed4791f969 Wrote most of the upgrading documentation (please read!)
Richard Jones <richard@users.sourceforge.net>
parents: 979
diff changeset
1997 .. _`customisation documentation`: customizing.html
7091
849e9b2d6926 Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents: 7064
diff changeset
1998 .. _`security documentation`: security-history.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
1999 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2000 .. _`xmlrpc guide`: xmlrpc.html
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2001 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2002 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2003 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2004 .. _Configuring Compression: admin_guide.html#configuring-compression
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
2005 .. _Software Upgrade: admin_guide.html#software-upgrade
7281
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
2006 .. _new search permissions for query in 1.4.17:
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
2007 upgrading-history.html#new-search-permissions-for-query-in-1-4-17
Roundup Issue Tracker: http://roundup-tracker.org/