| *** jamesmcarthur has joined #storyboard | 00:14 | |
| *** jamesmcarthur has quit IRC | 00:27 | |
| *** jamesmcarthur has joined #storyboard | 00:28 | |
| *** jamesmcarthur has quit IRC | 00:53 | |
| *** diablo_rojo has quit IRC | 01:01 | |
| *** jamesmcarthur has joined #storyboard | 01:07 | |
| *** jamesmcarthur has quit IRC | 01:19 | |
| *** jamesmcarthur has joined #storyboard | 01:43 | |
| *** jamesmcarthur has quit IRC | 01:46 | |
| *** udesale has joined #storyboard | 04:44 | |
| *** ianychoi has quit IRC | 04:59 | |
| *** ianychoi has joined #storyboard | 05:01 | |
| *** udesale has quit IRC | 06:24 | |
| *** udesale has joined #storyboard | 06:25 | |
| *** udesale has quit IRC | 06:27 | |
| *** jtomasek has joined #storyboard | 06:36 | |
| *** udesale has joined #storyboard | 06:52 | |
| *** tosky has joined #storyboard | 07:18 | |
| *** udesale has quit IRC | 07:49 | |
| *** udesale has joined #storyboard | 07:49 | |
| *** zbr has joined #storyboard | 07:53 | |
| *** efried has quit IRC | 08:02 | |
| *** efried has joined #storyboard | 08:02 | |
| *** jamesmcarthur has joined #storyboard | 12:10 | |
| *** jamesmcarthur has quit IRC | 12:20 | |
| *** jamesmcarthur has joined #storyboard | 12:45 | |
| *** jamesmcarthur has quit IRC | 13:05 | |
| *** tosky_ has joined #storyboard | 15:04 | |
| *** tosky has quit IRC | 15:06 | |
| *** jamesmcarthur has joined #storyboard | 15:08 | |
| fungi | hitting a bit of a dead end on the cors regex implementation. for whatever reason, things are working from the webclient deployment on storyboard-dev, but if i try a draft build i'm getting a "405 Method Not Allowed - The method POST is not allowed for this resource." | 15:15 |
|---|---|---|
| fungi | i think that must be coming from wsgiref.simple_server | 15:15 |
| *** tosky_ is now known as tosky | 15:36 | |
| fungi | confirmed i get the same behavior with drafts published on rackspace and ovh | 15:41 |
| fungi | basically oauth seems to work, but on returning from the openid provider page to the storyboard api, it complains about the post request | 15:42 |
| fungi | the request as logged by apache looks like... | 15:43 |
| fungi | POST /api/v1/openid/authorize_return?scope=user&state=EmR...Isf&response_type=code&client_id=storage.gra1.cloud.ovh.net&sb_redirect_uri=https%3A%2F%2Fstorage.gra1.cloud.ovh.net%2Fv1%2FAUTH_dca...44c%2Fzuul_opendev_logs_66c%2F661834%2F1%2Fcheck%2Fbuild-javascript-content%2F66c585e%2Fnpm%2Fhtml%2F%23%21%2Fauth%2Ftoken HTTP/1.1 | 15:44 |
| fungi | ... in there elides some of the lengthy oauth blobs | 15:45 |
| *** diablo_rojo has joined #storyboard | 15:46 | |
| fungi | looks like the working authentication from the webclient deployed on storyboard-dev does... | 15:48 |
| fungi | GET /api/v1/openid/authorize_return?scope=user&state=Qxd...jhh&response_type=code&client_id=storyboard-dev.openstack.org&sb_redirect_uri=https%3A%2F%2Fstoryboard-dev.openstack.org%2F%23%21%2Fauth%2Ftoken&...[lots of openid parameters]... HTTP/1.1 | 15:49 |
| fungi | so, get is working, post is not | 15:49 |
| fungi | why when i use a webclient draft build from object storage does the openid provider send the client to the api with post instead of get? | 15:50 |
| fungi | anybody have ideas? i suppose i could try temporarily configuring for another openid provider and see if the behavior is the same | 15:55 |
| diablo_rojo | I've got no ideas unfortunately. | 16:05 |
| diablo_rojo | SotK,? | 16:05 |
| SotK | I also have no ideas off the top of my head, I'll look at the code in a bit | 16:08 |
| *** udesale has quit IRC | 16:48 | |
| *** jamesmcarthur has quit IRC | 16:57 | |
| *** zbr has quit IRC | 17:45 | |
| *** efried has quit IRC | 18:44 | |
| *** zbr has joined #storyboard | 19:02 | |
| SotK | fungi: that API call is what we send to the openid provider as the return_to URL, so I suspect Ubuntu One is deciding which method to use based on the size of the request or something | 19:06 |
| SotK | we should probably update that endpoint to support POST as well | 19:07 |
| fungi | yeah, maybe. i'm mostly wondering why it seems to want to do a post if i use a draft webclient but uses get if i use the webclient deployed on the server | 19:12 |
| *** lifeless has quit IRC | 19:29 | |
| *** jamesmcarthur has joined #storyboard | 19:51 | |
| SotK | I can reproduce it locally by using a really long string as my hostname, so suspect its related to that | 20:11 |
| fungi | oh, i bet it decides if the string is too long it should switch to post | 20:19 |
| fungi | in that case, yeah, we should probably plumb that method to support post as well as get | 20:19 |
| fungi | i wonder how hard that would be | 20:20 |
| SotK | shouldn't be too hard | 20:20 |
| SotK | I'll have a look now | 20:20 |
| fungi | oh, thanks! if you have a poc i'm happy to toss it up on storyboard-dev along with the test deployment i have for the regex patch | 20:21 |
| *** jamesmcarthur has quit IRC | 20:24 | |
| *** jamesmcarthur has joined #storyboard | 20:24 | |
| *** jamesmcarthur has quit IRC | 20:24 | |
| *** jamesmcarthur has joined #storyboard | 20:40 | |
| SotK | heh, that turned out even easier than I expected | 20:42 |
| openstackgerrit | Adam Coldrick proposed opendev/storyboard master: Add support for POST requests to /v1/openid/authorize_return https://review.opendev.org/691428 | 20:49 |
| SotK | fungi: that fixed it in my local instance | 20:50 |
| fungi | nice! checking that out into the install now | 20:51 |
| fungi | hrm... testing with a preview at https://726cff15bf9da77ab255-026d87b5247a083263bcb91063c570fa.ssl.cf5.rackcdn.com/691051/1/check/build-javascript-content/4ce7fc3/npm/html/ and the return from launchpad is tossing up a "-1" error in the webclient. maybe it's that change causing it? | 20:56 |
| fungi | will try out another | 20:56 |
| fungi | hrm, nope, same problem | 20:57 |
| fungi | but maybe this is a new problem | 20:57 |
| fungi | i'll check for wsgi errors | 20:57 |
| *** jamesmcarthur has quit IRC | 20:58 | |
| SotK | works for me | 20:59 |
| fungi | yeah, last thing logged in the apache access log is the 302 redirect from the post, so at least that part looks right (same as get, no longer a 405) | 20:59 |
| fungi | oh, that url is working for you? | 20:59 |
| SotK | have you added an exception for storyboard-dev's self-signed cert in your browser? | 20:59 |
| SotK | yeah | 20:59 |
| fungi | you're able to log in with it? | 20:59 |
| SotK | yep | 20:59 |
| fungi | maybe something wrong with my account or browser or session | 20:59 |
| fungi | if so, that's excellent news | 20:59 |
| fungi | i'll troubleshoot my end then | 21:00 |
| fungi | ohh, that's a great point, i switched to friday evening relaxation in the living room, and the browser on this machine may never have used storyboard-dev | 21:00 |
| fungi | ahh, it had, but... i just realized eff privacy badger reporting one cross-domain url callout it was blocking | 21:02 |
| fungi | storyboard-dev.o.o | 21:02 |
| * fungi sighs | 21:02 | |
| SotK | we should really make that "-1" error more informative | 21:02 |
| fungi | yep, works now! | 21:03 |
| fungi | we added a message to the zuul dashboard which would probably be appropriate to crib there, yeah | 21:03 |
| fungi | something about failing to reach the api and to check browser privacy extensions and network configuration | 21:04 |
| openstackgerrit | Jeremy Stanley proposed opendev/storyboard master: Regular expression support for CORS and OAuth ACLs https://review.opendev.org/691034 | 21:06 |
| fungi | guess i'll go ahead and write up the associated config change for storyboard-dev | 21:14 |
| fungi | but i'll leave configuration management disable for it until we get those merged so we can validate webclient changes with it in the meantime | 21:14 |
| *** diablo_rojo has quit IRC | 21:25 | |
| fungi | SotK: i can go either way on the config change. would you rather we amend the regex implementation to require them to start with a ^ so existing deployments don't suddenly end up with slightly looser interpretation of their hostnames? | 21:43 |
| fungi | can basically look for entry.startswith("^") and use that to decide whether it should perform a strict == or re.match() | 21:44 |
| fungi | i've switched 691034 from approved to wip in the meantime | 21:45 |
| SotK | I think it'd be nice to do that actually just to not weaken any existing checks, not that I think there's really much chance of someone attempting a cross-site scripting attack like that | 21:48 |
| fungi | happy to. just a sec while i respon | 22:08 |
| fungi | respin | 22:08 |
| mordred | fungi: I'd prefer if you respon | 22:09 |
| SotK | thanks | 22:10 |
| fungi | responning nearly done | 22:18 |
| fungi | just running pep8 locally to check my syntax | 22:18 |
| fungi | bah, flake8 is breaking with python 3.8. trying again with 3.7 | 22:19 |
| openstackgerrit | Jeremy Stanley proposed opendev/storyboard master: Regular expression support for CORS and OAuth ACLs https://review.opendev.org/691034 | 22:23 |
| openstackgerrit | Merged opendev/storyboard master: Add support for POST requests to /v1/openid/authorize_return https://review.opendev.org/691428 | 22:24 |
| fungi | that's all redeployed on storyboard-dev manually now | 22:28 |
| fungi | with the updated config in the new patchset of the system-config change | 22:28 |
| fungi | seems to be working for me even from draft webclient builds | 22:28 |
| fungi | SotK: mordred: ^ | 22:29 |
| SotK | looks good to me, thanks for the quick respon | 22:30 |
| fungi | i like responning, especially on weekends | 22:32 |
| *** jtomasek has quit IRC | 22:58 | |
| *** jtomasek has joined #storyboard | 22:59 | |
| *** jtomasek has quit IRC | 22:59 | |
| openstackgerrit | Merged opendev/storyboard master: Regular expression support for CORS and OAuth ACLs https://review.opendev.org/691034 | 23:14 |
| *** tosky has quit IRC | 23:42 | |
| *** jamesmcarthur has joined #storyboard | 23:59 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!