![[ChimeraX Issue Tracking System]](/trac/ChimeraX/chrome/site/ChimeraX-icon.svg){kind=icon}
Opened 6 years ago
Closed 6 years ago
#3059 closed defect (fixed)
Toolshed bundle release page does not work
| Reported by: | Conrad Huang | Owned by: | Greg Couch |
|---|---|---|---|
| Priority: | blocker | Milestone: | 1.1 |
| Component: | Tool Shed | Version: | |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Notify when closed: | Platform: | all | |
| Project: | ChimeraX |
Description
The bundle release page (https://cxtoolshed.rbvi.ucsf.edu/apps/devel/release) no longer works. Firefox reports something about cookies, but I don't think that's the real problem.
Change History (13)
comment:1 by , 6 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | assigned → closed |
comment:2 by , 6 years ago
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
It looks like my request gets into an authentication loop:
GET https://cxtoolshed.rbvi.ucsf.edu/apps/devel/release
GET https://cxtoolshed.rbvi.ucsf.edu/users/login?next=/apps/devel/release
GET https://cxtoolshed.rbvi.ucsf.edu/apps/devel/release
GET https://cxtoolshed.rbvi.ucsf.edu/users/login?next=/apps/devel/release
...
and then the browser (both Firefox and Chrome) gives up after a while.
follow-up: 4 comment:4 by , 6 years ago
I added a "csrf" thing to apps/templates/devel_release.html and it started working for me on the preview site. The production site still does not work for me. Have you tried logging out from the toolshed and trying the same URL? On 4/16/2020 5:50 PM, ChimeraX wrote:
comment:5 by , 6 years ago
| Status: | reopened → feedback |
|---|
I could have sworn, I responded to this. Anyway, I have not had any problems logging in and out. Both firefox and chrome work for me.
I see that apps/templates/app_page.html has the csrf thing at the file level scope as well, but at the top of the file instead of the end. So it seems reasonable to put in devel_release.html as well. I'll put this on the production site. Please confirm that it works there.
follow-up: 6 comment:6 by , 6 years ago
Nope. The production site still does not work for me. Here is my request:
Request URL:https://cxtoolshed.rbvi.ucsf.edu/apps/devel/release
Request Method:GET
Remote Address:169.230.27.37:443
with headers (which I'm typing in because Firefox doesn't let me
copy-and-paste):
Host: cxtoolshed.rbvi.ucsf.edu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
Gecko/20100101 Firefox 75.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*,q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ...
Upgrade-Insecure-Request: 1
Cache-Control: max-age=0
with cookies (for which Firefox /does/ allow c&p):
__cfduid "d59ae1f86da3def0158427bf2a29f71ef1586132613"
__utma "190552953.1160836638.1584396290.1587076192.1587406188.16"
__utmb "190552953.1.10.1587406188"
__utmc "190552953"
__utmt "1"
__utmz
"190552953.1587058689.14.2.utmcsr=rbvi.ucsf.edu|utmccn=(referral)|utmcmd=referral|utmcct=/trac/ChimeraX/wiki"
csrftoken "Wdmsx0sb8s1OYUBMbKrMzmfAmKY9ZNuss1nosCiQ66QyF9en9PVzkn1sTpVUyWEi"
cytoscape.AppStore.Nav.TagList "show_some"
cytoscape.AppStore.Nav.Tags "tag_list"
go_back_to_title "home"
go_back_to_url "/"
sessionid "3a2o05a6ecn4ggjzbaq7ma725gwk4wsd"
wisepops
"{\"csd\":1,\"popups\":{\"195138\":{\"dc\":2,\"d\":\"2020-03-30T23:44:40.588Z\"},\"197460\":{\"dc\":1,\"d\":\"2020-04-02T18:05:50.022Z\"}},\"sub\":0,\"ucrn\":85,\"cid\":\"42396\",\"v\":4}"
wisepops_visits
"[\"2020-04-02T18:05:49.403Z\",\"2020-03-31T00:44:18.692Z\",\"2020-03-31T00:43:49.313Z\",\"2020-03-30T23:44:25.581Z\",\"2020-03-18T20:53:30.792Z\",\"2020-03-16T18:30:53.861Z\"]"
What does your request look like?
Conrad
On 4/17/2020 9:51 PM, ChimeraX wrote:
comment:7 by , 6 years ago
How do I see the request?
In the web console, when I access apps/devel/release, I see:
Script terminated by timeout at: returnFalse@https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.js:4261:1 trigger@https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.js:4541:44 simulate@https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.js:4877:17 handler@https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.js:5140:18
And I only see 5 cookies:
csrftoken:"qk9xt9MCXNKuPPfYUGhzaY9Sb13GRC8dFP5pXNUbB4u8eu7Rbr1Ld3Ll2s4hZnF0" cytoscape.AppStore.Nav.TagList:"show_some" cytoscape.AppStore.Nav.Tags:"tag_list" go_back_to_title:"home" go_back_to_url:"%2F"
And after signing in, I get an addition sessionid cookie.
Are you already logged into gmail when you try to authenticate?
follow-up: 8 comment:8 by , 6 years ago
In Firefox, click "Tools"/"Web Developer"/"Network", which should pop up the Developer Tool window (or it may show at the bottom of the browser window). Load the page. The request(s) should appear in the Developer Tool window. Click on one of the GET requests; the details pane should appear on the right. The "Headers" tab shows the request and headers; the "Cookies" tab shows the cookies. On 4/20/2020 11:56 AM, ChimeraX wrote:
comment:9 by , 6 years ago
In the Network, I'm only seeing the GET requests for the web page contents, bootstrap.min.css and base.css, not the one for the web page. Zoom at 3 p.m.?
follow-up: 10 comment:10 by , 6 years ago
Yes. That means the toolshed is acknowledging that your GET request is properly authenticated. The question is "what in the request makes it properly authenticated?" Can you compare your request data against what I sent previously? On 4/20/2020 12:13 PM, ChimeraX wrote:
comment:11 by , 6 years ago
I see two entries in the Network / HTML page, one for "release" and the other for "login?next=/apps/devel/release".
For release:
Request URL:https://cxtoolshed.rbvi.ucsf.edu/apps/devel/release Request Method:GET Remote Address:169.230.27.37:443 Status Code: 302 Version:HTTP/1.1
Response Headers:
HTTP/1.1 302 Found Date: Tue, 21 Apr 2020 00:09:42 GMT Server: Apache/2.4.6 (CentOS) Location: /users/login?next=/apps/devel/release Content-Length: 0 X-Frame-Options: DENY Vary: Cookie X-Content-Type-Options: nosniff Connection: close Content-Type: text/html; charset=utf-8
Request Headers:
Host: cxtoolshed.rbvi.ucsf.edu User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Cookie: csrftoken=qd20P13tBzexLjXZ9VUFYY0aQpCnqgsrEzFSUWHq9L2gHiceE9U0XDRc04JZwoBq; cytoscape.AppStore.Nav.TagList=show_some; cytoscape.AppStore.Nav.Tags=tag_list; go_back_to_title=home; go_back_to_url=%2F; __utma=190552953.1122335901.1587411201.1587411201.1587427776.2; __utmc=190552953; __utmz=190552953.1587411201.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=190552953.1.10.1587427776; __utmt=1 Upgrade-Insecure-Requests: 1
follow-up: 12 comment:12 by , 6 years ago
I got it to work by going into the admin interface and setting my Google account to be both staff and superuser. Thought I had done that when we went to Python 3 but the two checkboxes were definitely not checked. This is a strange failure mode, since it really should say "permission denied" or something. But it probably should not come up too often. On 4/20/2020 5:16 PM, ChimeraX wrote:
comment:13 by , 6 years ago
| Milestone: | RC 1 → 1.1 |
|---|---|
| Resolution: | → fixed |
| Status: | feedback → closed |
Works well enough for now.
Works for me. Maybe you tried it when I briefly broke it while updating the production toolshed to use relative imports and cxtoolshed3 absolute imports. Updating didn't fix the conf/*.py files.