Apache Allura™

• Milestone: forge-backlog --> forge-aug-23

• Size: --> 4

• Milestone: forge-aug-23 --> forge-sep-06

• Milestone: forge-sep-06 --> forge-sep-20

For SF, we should consider putting the CSS in the parent sftheme styles so that it can be re-used with sfpy.

• status: open --> in-progress
• assigned_to: Cory Johns

allura:cj/6529
sftheme:cj/6529
sfx:cj/6529

• status: in-progress --> code-review

• QA: Dave Brondsema

• status: code-review --> in-progress

• Allura/allura/templates/login_fragment.html is missing
• It might be a side-effect of the missing template, but the login overlay box appears at the bottom of the page, not floating above the main content, and the main content isn't grayed out at all.
• why is require_access needed in the process() method since it's already happening in _check_security? Is it because _check_security is running but merely doing an overlay and not blocking the request? That is a little unsettling. We'll have to be careful when we use login_overlay within _check_security.
• Somethings sits wrong with me when I see lib/security.py setting c.show_login_overlay. I'm not sure exactly how to make it better though. Instead of require[_access] functions doing it, the controller could catch HTTPUnauthorized and set c.show_login_overlay. I think it's a little better to have that in the controller layer, but then we have a few lines of boilerplate in every controller that uses it. A helper function could do it? But that is starting to seem silly since it's just a few lines of code right now.
• tests?

I totally forgot to git add a couple of new files, so that's why it's broken. I force-pushed those changes if you want to take a look, but...

I also wasn't super happy with putting the logic in require* but wasn't sure of a better approach. I went with putting it in there because the view code is in master.html, so I figured it was already "system level," but I'm not happy with it. Also, the reason for the extra require_access check in process is because we don't want to show the overlay for the action methods, which is another side-effect of the logic being in the wrong place.

I'm thinking now what would be better would be to make this a decorator that catches and overrides the HTTPUnauthorized / login redirect for only the decorated view. I'll look in to making that change as well as adding tests.

• status: in-progress --> code-review

Refactor and tests (force) pushed to:
allura:cj/6529

• need target=_top on Forgot pwd and Create Account links (sfx)
• I'd like to see a bit more in the way of docs. We don't have a good doc yet on custom authentication or custom themes to which we could add (only docs/extending.html), so I'd say just at a minimum:
  • include # auth.login_fragment_url in development.ini so its discoverable
  • docstring for login_overlay (the exceptions param really confused me since I initially though it was for http exception types)
• in sftheme I believe we can call out to allura_theme_macros.login_overlay() and re-use the Allura version directly instead of duplicating

• status: code-review --> in-progress

• status: in-progress --> code-review

Pushed to all of:
allura:cj/6529
sftheme:cj/6529
sfx:cj/6529

Btw, I couldn't get a decorator to work because the _check_security happens before the view method is even resolved so the decorator never comes in to play. I definitely don't like the exceptions parameter but I couldn't figure out a better way to do it. I'd love suggestions.

• status: code-review --> closed