Activity for Apache Allura™
-
Carlos Cruz posted a comment on merge request #412
Fixes: Reverted the use of owner and owner_id back to user and user_id in order to be consistent with the user objects set in the authentication pipeline. Removed the use of ast.literal_eval and replaced it in favor of json.dumps to serialize the credentials object and json.loads to reconstruct it Fixed the issue with access tokens' expiration date Fixed failing tests Removed try / except clauses from the authorization and token endpoints The OAuth2AccessToken has no attribute remove error was fixed...
-
Dillon Walls modified ticket #8560
Support Google Analytics 4 (GA4)
-
Support Google Analytics 4 (GA4)
-
Dave Brondsema posted a comment on merge request #412
I also got this error when re-authorizing an app a 2nd time 15:55:11,232 ERROR [allura.controllers.rest] type object 'OAuth2AccessToken' has no attribute 'remove' Traceback (most recent call last): File "/src/allura/Allura/allura/controllers/rest.py", line 575, in token headers, body, status = self.server.create_token_response(uri=request.url, http_method=request.method, body=json_body, headers=request.headers) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^...
-
instead of ast.literal_eval what about json.loads? I think that'd be a bit more typical and safer (literal_eval is more safe than regular eval, but I just checked the docs and it does have some warnings about ways it might not be safe) several TestOAuth2 tests fail with allura/controllers/rest.py:547: in do_authorize credentials = ast.literal_eval(request.params['credentials']) ../../env3-allura/lib/python3.11/site-packages/webob/multidict.py:344: in __getitem__ raise KeyError(key) E KeyError: 'credentials'...
-
Ignore .vscode settings folder
-
Ignore .vscode settings folder
-
Implement security features for OAuth2 support
-
Kenton Taylor modified ticket #8559
tickets API: better type handling
-
Merged.
-
tickets API: better type handling
-
allura:db/8559 It actually mostly worked, only a few code changes needed. Tests and docs improved.
-
tickets API: better type handling
-
Add authorization view for OAuth2 support
-
Add tests to OAuth2 features
-
need to restore the csp.form_actions_enforce code that is commented out. Either now or in a following merge request, can make it skip only for the oauth redirects allura/tests/functional/test_root.py has failures because of this allura/tests/functional/test_auth.py and allura/tests/functional/test_rest.py test failures. Interestingly, they pass if I have auth.oauth2.enabled = false in development.ini (but then some oauth2 tests fail of course) If those get addressed, then I can merge this as an incremental...
-
need to restore the csp.form_actions_enforce code that is commented out. Either now or in a following merge request, can make it skip only for the oauth redirects allura/tests/functional/test_root.py has failures because of this allura/tests/functional/test_auth.py and allura/tests/functional/test_rest.py test failures. Interestingly, they pass if I have auth.oauth2.enabled = false in development.ini (but then some oauth2 tests fail of course) If those get addressed, then I can merge this as an incremental...
-
need to restore the csp.form_actions_enforce code that is commented out. Either now or in a following merge request, can make it skip only for the oauth redirects allura/tests/functional/test_root.py has failures because of this allura/tests/functional/test_auth.py and allura/tests/functional/test_rest.py test failures. Interestingly, they pass if I have auth.oauth2.enabled = false in development.ini (but then some oauth2 tests fail of course) If those get addressed, then I can merge this as an incremental...
-
Guillermo Cruz committed [062892] on Git
code updates to AkismetWithoutStartupVerify
-
user email changes not getting into solr
-
pin docutils to v0.20.1 to keep compatibility with older versions of Python
-
Upgrade python packages
-
ticket has been merged
-
First pass of feedback, also including earlier merge request(s). More to come probably, but I wanted to give you what I have so far: the commits should use Allura ticket numbers. I found a ticket for oauth2 support here: https://forge-allura.apache.org/p/allura/tickets/7272/ so can you rebase the branch and edit the commit messages to be [#7272]? test_revoke_tokens fails comparing model classes to oauth1 ones: those that have a user_id field, you can add a user = RelationProperty('User') line similar...
-
[#8557] updated _strip_tags_re with regexp since it was removed from markupsafe package
-
[#8557] Upgrade pre-commit 3.6.0 -> 3.7.0, and its deps: cfgv,identify,nodeenv,setuptools,PyYAML,virtualenv,distlib,filelock,platformdirs
-
[#8557] Upgrade gunicorn 21.2.0 -> 22.0.0, and its deps: packaging
-
[#8557] Upgrade pytest-sugar 0.9.7 -> 1.0.0, and its deps: packaging,pytest,iniconfig,packaging,pluggy,termcolor
-
[#8557] Upgrade pytest 7.4.4 -> 8.1.1, and its deps: iniconfig,packaging,pluggy
-
[#8557] Upgrade testfixtures 7.2.2 -> 8.1.0
-
[#8557] Upgrade ruff 0.3.2 -> 0.3.7
-
[#8557] Upgrade werkzeug 3.0.1 -> 3.0.2, and its deps: MarkupSafe
-
[#8557] Upgrade WebHelpers2 2.0 -> 2.1, and its deps: MarkupSafe,six
-
[#8557] Upgrade requests-oauthlib 1.3.1 -> 2.0.0, and its deps: oauthlib,requests,certifi,charset-normalizer,idna,urllib3
-
[#8557] Upgrade python-dateutil 2.8.2 -> 2.9.0. (OUTDATED! latest is: 2.9.0.post0), and its deps: six
-
[#8557] Upgrade Pypeline 0.6.1 -> no upgrade, and its deps: bleach,six,webencodings,html5lib,six,webencodings,Creoleparser,Genshi,six,six,Markdown,textile,html5lib,six,webencodings,regex,docutils
-
[#8557] Upgrade PasteScript 3.4.0 -> 3.5.1, and its deps: Paste,setuptools,six,PasteDeploy,setuptools,six
-
[#8557] Upgrade Markdown 3.5.2 -> 3.6
-
[#8557] Upgrade GitPython 3.1.41 -> 3.1.43, and its deps: gitdb,smmap
-
[#8557] Upgrade emoji 2.9.0 -> 2.11.0
-
[#8557] Upgrade beaker-session-jwt 1.0.1 -> no upgrade, and its deps: Beaker,joserfc,cryptography,cffi,pycparser,pymongo
-
[#8557] Upgrade Beaker 1.12.1 -> 1.13.0
-
[#8557] Upgrade beautifulsoup4 4.12.2 -> 4.12.3, and its deps: soupsieve
-
[#8557] Upgrade ActivityStream 0.4.2 -> no upgrade, and its deps: pymongo
-
Upgrade python packages
-
First pass of feedback, also including earlier merge request(s). More to come probably, but I wanted to give you what I have so far: the commits should use Allura ticket numbers. I found a ticket for oauth2 support here: https://forge-allura.apache.org/p/allura/tickets/7272/ so can you rebase the branch and edit the commit messages to be [#7272]? test_revoke_tokens fails comparing model classes to oauth1 ones: those that have a user_id field, you can add a user = RelationProperty('User') line similar...
-
Add tests to OAuth2 features
-
bump idna 3.6 -> 3.7
-
Add authorization view for OAuth2 support
-
[#8556] simplify more calls
-
[#8556] remove unnecessary extra () on has_access calls
-
[#8556] avoid recursive TruthyCallable
-
check blocked users better
-
merged
-
[#8555] debugging option within has_access
-
[#8555] some specific checks for blocked users, when creating new forum threads
-
bump Pillow package 10.2.0 -> 10.3.0
-
check blocked users better
-
[#8556] simplify more calls
-
[#8556] remove unnecessary extra () on has_access calls
-
[#8556] avoid recursive TruthyCallable
-
[#8555] debugging option within has_access
-
[#8555] some specific checks for blocked users, when creating new forum threads
-
deprecate and remove has_access(..)() syntax
-
db/8556 on allura, forgehg, and forgepastebin db/8556-breaking-removal needs to be merged later, after we do a release and give anyone a chance to update their code. You can review and test it though.
-
[#8556] unindent block
-
[#8556] remove TruthyCallable and predicate stuff used by has_access
-
[#8556] simplify more calls
-
[#8556] remove unnecessary extra () on has_access calls
-
[#8556] avoid recursive TruthyCallable
-
[#8555] debugging option within has_access
-
[#8555] some specific checks for blocked users, when creating new forum threads
-
deprecate and remove has_access(..)() syntax
-
db/8555 It was tempting to change this has_access code: # access is denied for this role break to be return False. That would've fixed this situation, but made several other tests fail. Instead, I decided it'd be better to change a few non-core places, and not change the core has_access logic (even if maybe it deserves a refactor some day)
-
check blocked users better