Feature #13458
allow anonymous read access on review.typo3.org
| Status: | Resolved | Start date: | 2011-03-01 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assignee: | Peter Niederlag | % Done: | 100% |
|
| Category: | Gerrit | |||
| Target version: | - | |||
| Votes: | 1 (View) |
Description
It would be nice if
- we allowed anonymous read access
- provide an improved modern login mechnismen/form
Related issues
| related to git.typo3.org - Bug #13654: Logout from Gerrit is not working | Closed | 2011-03-06 |
History
Updated by Markus Klein about 2 years ago
Please remove the login process for the RSS feeds.
At least Outlook does not support HTTP auth for RSS.
Thx.
Updated by Ernesto Baschny about 2 years ago
About RSS feeds for git commits:
The http://git.typo3.org is anonymous read-only already, so the RSS feed should be available without authentication. E.g.:
- RSS for commits to "master" branch:
http://git.typo3.org/TYPO3v4/Core.git?a=rss;h=refs/heads/master
- RSS for commits to "TYPO3_4-5" branch:
http://git.typo3.org/TYPO3v4/Core.git?a=rss;h=refs/heads/TYPO3_4-5
About RSS feeds for Gerrit reviews: I cannot even find a RSS feed for this. Are you sure?
Updated by Steffen Müller about 2 years ago
+1 for anonymous gerrit access.
FYI: There's also an Atom feed of latest commits:
http://git.typo3.org/TYPO3v4/Core.git?a=atom;h=refs/heads/master
Updated by Karsten Dambekalns about 2 years ago
- Category set to Gerrit
Updated by Karsten Dambekalns about 2 years ago
- Status changed from New to Accepted
- Assignee set to Karsten Dambekalns
I played around a little and finally gave up - now I hope for an answer from the Gerrit mailing list.
Updated by Chris topher almost 2 years ago
As Xavier also wrote in his release minutes:
I think that being unable to see the patches and discussions in Gerrit, if you are not logged in, is a main reason for the low activity there.
Without logging in you can currently neither see pending patches, neither review a patch, nor discuss it.
That all is no longer as public as it was on the Core List, so that people do not see all this.
I feel that this prevents progress for the project as such.
Having anonymous read access would be really important.
@ Karsten: The guys from Eclipse have a Gerrit installation with anonymous read access (without http basic auth).
See http://egit.eclipse.org/
Maybe someone of them is able to help us?
Updated by Peter Niederlag almost 2 years ago
If it would be easy it would be there already. We are using http basic auth, in combination with SSO onto typo3.org. Also according to the answer from the ML it should work it just doesn't. :-< I have also just spent a couple of hours on trying to set it up: unfortunatly I failed as much as Karsten previously.
Updated by Peter Niederlag almost 2 years ago
[update] egit.eclipse.org most likely uses LDAP authentication. With LDAP and OPENID you get nicely working login/logout forms. none of these unfortunatly seem possible right away for us currently.
Updated by Chris topher almost 2 years ago
The problem with http basic auth is that it just protects all calls to the directory. Can that be modified somehow?
But even if it could: I read that - if you use http basic auth - Gerrit assumes that the user, who calls a Gerrit page, is already logged in.
So if I understand it correctly, the consequence is, that viewing pages in Gerrit anonymously is just not possible, as long as you use http auth.
Updated by Xavier Perseguers almost 2 years ago
Message from myself:
When someone "cancels" the basic authentication dialog, we would like him/her to be redirected to http://wiki.typo3.org/Gerrit, we will update the page to provide useful information such as how to get a typo3.org username.
Answer from Karsten;
No, I guess this is not possible. Either the webserver sees an authentication header and all is fine, or it does not and asks for credentials. Basic authentication in HTTP only knows those two states. There is no 'cancel' really, and on top of that making such a redirect would mean hacking Gerrit.
Sorry, but I don't see the problem. Basically what is asked is to put such a line in the Apache configuration:
ErrorDocument 403 http://wiki.typo3.org/Gerrit
It should work, I guess?
Updated by Karsten Dambekalns almost 2 years ago
Xavier Perseguers wrote:
Sorry, but I don't see the problem. Basically what is asked is to put such a line in the Apache configuration:
Oh. That easy. Well, no problem. Almost. The code must be 401, and for that the use of a full URL is not possible. Using a local file that redirects to the wiki redirects right away, not even asking for the credentials. Provide me with some lines of text you'd like to see on a "cancel page" and I'll try again, people will have to read and then klick a link, should also be ok.
Updated by Peter Niederlag almost 2 years ago
I am still digging into this and finally have anonymous setup working in my local installation :->. I'll rework my (very few lines) patch and recheck with gerrit ML. It seems doable in the near future.
Updated by Steffen Müller almost 2 years ago
good news! thanks for that!
Updated by Karsten Dambekalns almost 2 years ago
Peter Niederlag wrote:
It seems doable in the near future.
Awesome!
Updated by Chris topher almost 2 years ago
Peter Niederlag wrote:
It seems doable in the near future.
Peter, that is great! :-)
Updated by Karsten Dambekalns almost 2 years ago
- Assignee changed from Karsten Dambekalns to Peter Niederlag
Any news on this one?
Updated by Peter Niederlag almost 2 years ago
- File http-anon-access.patch added
This is the simple patch I came up with.
1. it adds the "login" entry into the menu
2. it doesn't redirect all requests thorugh the Login-servlet by disabling the filter
In addition it needs this apache config in vhost container:
ErrorDocument 401 /authenticate.php ProxyPass /authenticate.php !
authenticate.php actually outputs very simple html(sending headers does NOT work)
<meta http-equiv="REFRESH" content="0;url=/"></HEAD> </head> <body> <p>You should be redirected, if not please got to <a href="http://review/">http://review</a></p>
I confirmed this to be working on my local machine after a dozen of try and error runs. I think we can give it a shot and roll this one out on review.typo3.org.
Updated by Ernesto Baschny almost 2 years ago
Yes, do it! It would rock'n'roll!
Updated by Peter Niederlag almost 2 years ago
- Status changed from Accepted to Resolved
- % Done changed from 0 to 100
OK, finally rolled out on https://review.typo3.org
Updated by Chris topher almost 2 years ago
Peter Niederlag wrote:
OK, finally rolled out on https://review.typo3.org
I just was confused when I did not find my projects and my dashboard in Gerrit anymore, when suddenly I realized that I still was not logged in. :-)
It is great, that this is working now!
Thanks, Peter!