These are chat archives for inveniosoftware/invenio

14th
Aug 2017
Lars Holm Nielsen
@lnielsen
Aug 14 2017 10:04

DevForum cancelled today

Lars Holm Nielsen
@lnielsen
Aug 14 2017 11:33

Invenio Sprint Week 31-32 Re-cap

Statistics:

  • 89 developer days
  • 126 commits
  • 6.6k lines touched (4.7k additions / 1.8 k deletions)

Focus:

  • Data model issues (in Invenio-Access and Invenio-OAIServer).
  • Security issues (permanent sessions, remember me, content security policy).
  • Working demo site (remove annoying warnings, fixed docs, SSL problems, bugs, admin interfaces, ...).

Result:

Auth bundle is now stabilised and in beta (Accounts, Access, Profiles, OAuthClient and OAuth2Server).

Changes:

  • DoJSON (v1.3.2):
    • Remove "'Undo' is experimental" warning
  • Flask-Menu (v0.6.0):
    • Python 3 warnings fixes
  • Invenio
    • Fixed login problem
  • Invenio-Access (v1.0.0b1):
    • Reviewed module and fixed data model issues.
    • Deprecated DynamicPermission in favor of Permission (aligning with Flask-Principal's deny by default behavior)
    • Added system roles with support for any user and authenticated user (could be extended to support IP-based access control). ActionUsers was previously used for similar feature by setting user_id to None but this is no longer possible.
    • Updated administration interface.
    • Added usage documentation (https://invenio-access.readthedocs.org).
    • Fixed superuser issues.
  • Invenio-Accounts (v1.0.0b8):
    • Fixed Content Security Policy issues
    • Removed remember me login support in favor of using permanent sessions (remember me support could be used to circumvent a revoked session).
    • Removed support for login via headers (enabled by Flask-Security by default).
    • Fixed Content Security Policy problems in templates.
    • Upgraded to Flask-Security v3 (thanks to @jacquerie).
  • Invenio-Admin (v1.0.0b3):
    • Disabled Content Security Policy on admin interface.
  • Invenio-App (v1.0.0b1):
    • Adds Jinja byte code caching support.
    • iPython is now the default shell.
  • Invenio-App-ILS (v1.0.0a3):
    • Added initial Selenium integration tests.
    • Fixed email sending when in debug mode.
    • Bumped all packages to latest versions.
    • Fixed Celery 4 configuration warnings.
    • Clarified force HTTPS behaviour and adapted the user guide.
  • Invenio-Celery (v1.0.0b3):
    • Fixed Celery 4 configuration warnings.
  • Invenio-DB (v1.0.0b8):
    • Disabled SQL statement printing when in debug mode (has to be enabled manually now).
  • Invenio-I18N (v1.0.0b4):
    • Fixed Content Security Policy issues in templates.
  • Invenio-OAIServer (v1.0.0a13):
    • Fixed selective harvesting by timestamp caused by Marshmallow field parsing bug.
    • Removed updated timestamp _oai.updated from record in favor of using the record models updated date (fixes issue with selective datetime harvesting).
    • Add support for searching by spec in admin interface.
  • Invenio-OAuth2Server (v1.0.0b1):
    • Added feature to show scopes related to an authorized application.
    • Added client example application to enable easier testing.
    • Added new scope user:email which when granted will return the user's email address in the access token.
    • Updated "authortize this application" template.
    • Fixed security issue that allowed obtaining a session cookie via an access token and thus bypassing scope protection.
    • Fixed Content Security Policy issues in templates.
    • Fixed issue when strings where not strictly URL encoded (better error message).
    • Fixed template rendering issues when no scopes where given and with example URLs.
  • Invenio-OAuthClient (v1.0.0b2):
    • Added admin interface for UserIdentity.
    • Fixed Flask-WTF v0.14/v0.13 CSRF validation issues.
    • Reorganized documentation to new structure.
    • Removed support for remember me feature.
    • Remove "Linked accounts" menu item when no providers where defined.
    • Fixed Content Security Policy issues in templates.
    • Fixed issue with always redirecting to "Linked accounts" after a login.
  • Invenio-PIDStore (v1.0.0b2):
    • New release.
  • Invenio-Search-JS (v1.2.0):
    • Fixed strict URL encoding of query strings.
    • Fixed Content Security Policy issues in CSS.
  • Invenio-Search-UI (v1.0.0a7):
    • Fixed template issue.
  • Invenio-Theme (v1.0.0b4)
    • Fixed Content Security Policy issues in templates.
  • Invenio-Cache (v1.0.0b1):
    • New module which provided Redis/Memcahed cahing support.

What's next?

Next Invenio Sprint (dates to come) will focus on:
  • Metadata bundle:
    • JSONSchemas, PIDStore, Records, Indexer, Records-UI, Search, OAIServer, Records-REST
  • General documentation
  • Framework launch (process, branches, maintenance plan, user experience)
Thanks to @remileduc @drjova @hachreak @diegodelemos @hjhsalo @nharraud @dinosk @ntarocco @switowski for all the hard work on this sprint!!!Invenio Sprint Week 31-32 Re-cap
Ioannis Tsanaktsidis
@ioannistsanaktsidis
Aug 14 2017 14:16
hey everyone, we are experiencing a problem in search results with invenio-search-error and invenio-search-loading directives. They seem to be broken though we have no error in our results. There must be a version conflict problem, though we didn’t manage to find the correct combination of the versions required. Anyone experienced something like this before ?
Lars Holm Nielsen
@lnielsen
Aug 14 2017 14:36
Do you see any errors in the browser console?
Ioannis Tsanaktsidis
@ioannistsanaktsidis
Aug 14 2017 14:36
nope not at all
Lars Holm Nielsen
@lnielsen
Aug 14 2017 14:37
are all your packages at the latest versions? (since there was quite a lot of package releases last two weeks)
Ioannis Tsanaktsidis
@ioannistsanaktsidis
Aug 14 2017 14:41
yes everything up to date...
problem seems to be with ng-show , ng-hide in error.html and loading.html
so I thought maybe some angular version was messed
Diego
@diegodelemos
Aug 14 2017 14:53
are you using invenio-theme?
Ioannis Tsanaktsidis
@ioannistsanaktsidis
Aug 14 2017 14:53
yes
b4
Diego
@diegodelemos
Aug 14 2017 14:59
if you open the web console do you get any warning concerning CSP rules?
Ioannis Tsanaktsidis
@ioannistsanaktsidis
Aug 14 2017 15:00
nope
Diego
@diegodelemos
Aug 14 2017 15:22
Since invenio-app sets strict CSP rules here https://github.com/inveniosoftware/invenio-app/blob/master/invenio_app/config.py#L76-L78 if your code is not free of inline CSS and JS if won't be executed. Therefore, in order to have ng-show and ng-hide working the ng-csp flag must be activated and the angular-csp.css added (v1.0.0b4 should include all https://github.com/inveniosoftware/invenio-theme/pull/109/files). As you told me, you are not getting any warning message in the console but it is worth to check if you don't have cached styles.scss since it is exatcly what the Angular docs suggest (if you don't have those styles defined then ng-show and ng-hide don't work https://docs.angularjs.org/api/ng/directive/ngShow)