[kforge-dev] resolved dav issues

Rufus Pollock rufus.pollock at okfn.org
Tue May 30 11:31:20 UTC 2006 

Over the weekend I completely the resolutions of ticket:8 and ticket:11 
and thus the dav system is now working entirely correctly (in trunk).

A couple of things to note:

1. The access handlers are not working quite as predicted from the 
comments in the apache config:

# accept immediately if a handler returns OK
# deny immediately if a handler returns FORBIDDEN
# pass to next handler if a handler returns UNAUTHORISED
# deny if none of the handlers return OK
Satisfy Any
Require valid-user

# handler to accept a browser client
PythonAccessHandler kforge.handlers.modpython::auth_browser

# fall through handler for all other circumstances
PythonAuthenHandler kforge.handlers.modpython::auth_default
AuthType Basic

Specifically we always through from the first handler to the second. (I 
also note that given the meaning of 'Satisfy Any' we probably do not 
want it). See comments in the file:

http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/handlers/modpython.py

2. Our logging system was *extremely* useful. For example it allowed me 
to identify the source of the mysterious bug whereby, when using a 
browser, you still got a apache login prompt popping up *before* being 
redirected to the login page (see log output below)

Regards,

Rufus

Annotated log output
********************

[2006-05-28 06:11:11,350] Modpython validateUri: Validating uri: 
/annakarenina/dav/
[2006-05-28 06:11:11,351] USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac 
OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
[2006-05-28 06:11:11,351] isBrowserRequest: True
[2006-05-28 06:11:11,351] Modpython browser handler: Browser client request.
[2006-05-28 06:11:11,365] Modpython browser handler: Session cookie: 
kui_no_auth
[2006-05-28 06:11:11,481] Session cookie value error: kui_no_auth
[2006-05-28 06:11:11,482] Modpython browser handler: Checking access: 
visitor, /annakarenina/dav/, GET

# this is where it goes wrong ...
[2006-05-28 06:11:13,891] Modpython browser handler: Not allowing access.
[2006-05-28 06:11:13,891] Modpython browser handler: Redirecting to kui 
login.

# redirection should happen here but instead we fall through to default 
handler
[2006-05-28 06:11:13,892] Modpython validateUri: Validating uri: 
/annakarenina/dav/
[2006-05-28 06:11:13,894] USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac 
OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
[2006-05-28 06:11:13,894] isBrowserRequest: True
[2006-05-28 06:11:13,894] Modpython default handler: is a browser 
request =>shouldn't be here.
[2006-05-28 06:11:13,895] Modpython default handler: Proceeding with 
Basic authorisation.

# That fails and we reprompt which starts the cycle again ...
[2006-05-28 06:11:15,874] Modpython default handler: Not allowing access.
[2006-05-28 06:11:15,875] Modpython default handler: Reprompting after 
login failure...

# this is where the prompot appears. Enter correct username and password

# so we start again ... (at this point login info is *not* being used)
[2006-05-28 06:11:24,838] Modpython validateUri: Validating uri: 
/annakarenina/dav/
[2006-05-28 06:11:24,839] USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac 
OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
[2006-05-28 06:11:24,840] isBrowserRequest: True
[2006-05-28 06:11:24,840] Modpython browser handler: Browser client request.
[2006-05-28 06:11:24,841] Modpython browser handler: Session cookie: 
kui_no_auth
[2006-05-28 06:11:24,842] Session cookie value error: kui_no_auth
[2006-05-28 06:11:24,843] Modpython browser handler: Checking access: 
visitor, /annakarenina/dav/, GET

# we fail again
[2006-05-28 06:11:27,732] Modpython browser handler: Not allowing access.
[2006-05-28 06:11:27,732] Modpython browser handler: Redirecting to kui 
login.

# so we start on default handler
[2006-05-28 06:11:27,738] Modpython validateUri: Validating uri: 
/annakarenina/dav/
[2006-05-28 06:11:27,740] USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac 
OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
[2006-05-28 06:11:27,741] isBrowserRequest: True
[2006-05-28 06:11:27,741] Modpython default handler: is a browser 
request =>shouldn't be here.
[2006-05-28 06:11:27,741] Modpython default handler: Proceeding with 
Basic authorisation.

# but this time because of login info we are in ....
[2006-05-28 06:11:30,436] Modpython default handler: Allowing access for 
'levin'.

# now we redirect because of DirectoryIndex to none.none.none
# and we repeat previous step
[2006-05-28 06:11:30,438] Modpython validateUri: Validating uri: 
/annakarenina/dav/none.none.none
[2006-05-28 06:11:30,438] USER-AGENT: Mozilla/5.0 (Macintosh; U; PPC Mac 
OS X Mach-O; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
[2006-05-28 06:11:30,439] isBrowserRequest: True
[2006-05-28 06:11:30,439] Modpython browser handler: Browser client request.
[2006-05-28 06:11:30,440] Modpython browser handler: Session cookie: 
kui_no_auth
[2006-05-28 06:11:30,440] Session cookie value error: kui_no_auth
[2006-05-28 06:11:30,441] Modpython browser handler: Checking access: 
visitor, /annakarenina/dav/none.none.none, GET

# fail on browser again (since still not logged in with a cookie)
[2006-05-28 06:11:32,438] Modpython browser handler: Not allowing access.
[2006-05-28 06:11:32,439] Modpython browser handler: Redirecting to kui 
login.

# ... finally the redirect will happen on second or third login ....

More information about the kforge-dev mailing list