• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item3732: Find More extenstion in Configure does not work with proxy authentication. Workaround included.

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine Configuration Normal Closed   minor  

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

 

 

The find more extenstion feature in Configure does not work with Proxy authentication. I've found a workaround and it makes it useable if not very secure ^^

-- TWiki:Main/AreAArseth - 07 Mar 2007

Attached a patch for the problem which adds required headers and fix a bug in stripping headers on reply from server.

The tricky part is how to send the password to the proxy server. I just used the base64 string.

-- TWiki:Main.AreAArseth - 07 Mar 2007

Thanks for that! Can you (or anyone else who uses a proxy) make a fix that makes it useable and secure? I really don't want to apply a patch that the author thinks is insecure, and I don't have a test platform to research this myself.

-- TWiki:Main.CrawfordCurrie - 09 Mar 2007

The provided patch implies that one would permanently embed the user:pass combination into the code and I do not think this is a practice that should be incorporated into the code.

A BETTER approach would be to create two new vars to take the proxy server values.<br />

$TWiki::cfg{PROXY}{USER}
$TWiki::cfg{PROXY}{PASSWORD}

The saved values would be connected to a "service account" and not a person.

The BEST approach would be to query the TWiki admin for their proxy id:password just prior to making the connection. The values would then be transient (not stored). I haven't had time to work on this piece. <br />

The second part of the patch includes a fix for stripping additional headers that are inserted by the proxy server. Item Bugs.Item3885 details the exact same change:

 

63c63
< } elsif ($ar !~ s!^.*Content-Type: application/x-gzip\r\n\r\n!!is) {
---
> } elsif ($ar !~ s!^.*Content-Type: application/x-gzip\r\n.*\r\n\r\n!!is) {
88c88
< } elsif ($ar !~ s#^.*Content-Type: application/zip\r\n\r\n##is) {
---
> } elsif ($ar !~ s#^.*Content-Type: application/zip\r\n.*\r\n\r\n##is) {

 

This needs to be brought into the shipping EXTEND.pm code.

-- TWiki:Main.SteveRJones - 06 Jun 2007

The BEST approach isn't going to happen any time soon, as it requires an interaction mode that just isn't coded and would be a fair bit of work to add.

The BETTER approach is much easier to achieve; the configure settings need to be added to lib/TWiki.spec, then you might want to add checkers for them (see the existing checkers in lib/TWiki/Checkers= and use them as a template). And you need to write the documentation, obviously; document the settings in TWiki.spec (following the pattern used for {PROXY}{HOST} for example).

I don't see a patch?

CC

 

 

Patch for fixing the problem of a proxy server adding extraneous headers is attached.

-- TWiki:Main.SteveRJones - 06 Jun 2007

 

Hmm, patch would be here if upload was working frown

-- TWiki:Main.SteveRJones - 06 Jun 2007

 

 

 

QUOTE: The BETTER approach is much easier to achieve; the configure settings need to be added to lib/TWiki.spec, 
then you might want to add checkers for them (see the existing checkers in lib/TWiki/Checkers= and use them as a
template). And you need to write the documentation, obviously; document the settings in TWiki.spec
(following the pattern used for {PROXY}{HOST} for example).

 

Ok, I can do that -- but where in the configure code do I look for the section that manages data input for "Mail and Proxies"? I can change the spec and write docs all day long - but trying to find the code to change is challenging at best.

-- TWiki:Main.SteveRJones - 07 Jun 2007

All you have to do is add the settings to TWiki.spec. There is no section that manages data input for "Mail and Proxies" other than what you find in TWiki.spec. You can optionally add checkers for your new settings by creating new packages in lib/TWiki/Checkers.

-- TWiki:Main.CrawfordCurrie - 08 Jun 2007

 

 

Ooo, I never thought that you guys would do it that way -- I like that! I've always tried to opt for data driven applications where actual code changes could be kept to a minimum.

Thanks

-- TWiki:Main.SteveRJones - 12 Jun 2007

 

 

Patch attached to fix EXTEND only. I recommend pulling proxy_auth.patch as it introduces bad coding practices and opens a huge security hole.

-- TWiki:Main.SteveRJones - 12 Jun 2007

Steve, I don't understand; the patch you affixed (1) doesn't relate to any code currently in EXTEND.pm and (2) doesn't actually do anything anyway (all it does is change ! to #)

CC

 

 

 

Ok, code that is shipped with 4.1.2 (as stated in the form) has TWiki/Configure/UIs/EXTEND.pm with the following code:

HERE
undef $ar;
} elsif ($ar !~ s!^.*Content-Type: application/x-gzip\r\n\r\n!!is) {
print $this->WARN(<WARN(<param('pub').$extension.'/'.$extension.$ext;
print "
Fetching $arf...
\n";
eval {
$ar = $this->getUrl($arf);
};
if ($@) {
print $this->WARN(<
$@
$@
HERE undef $ar; } elsif ($ar !~ s#^.*Content-Type: application/zip\r\n\r\n##is) { print $this->WARN(<

 

According to Bugs.Item3885 there was an issue with proxy servers adding extraneous headers. No patch was provided in that bug listing. I applied the embedded patch and the error message:

Warning: I can't install http://twiki.org/p/pub/Plugins/[plugin].tgz because I don't recognise the download as a gzip file.

was resolved. In fact, you even commented on the changes provided in the text.

 

So, I do not understand your comments unless the patch was already folded into the current checked in version. Riddle me that Batman!

-- TWiki:Main.SteveRJones - 13 Jun 2007

Ah, OK. I work off the latest SVN checkout which has that fixed (at least three times). I was expecting your patch to include the TWiki.spec changes, and when i didn;t see them.....

[[CC]]

 

 

No, I am taking that slowly and separating the changes. Good to hear that the proxy header fix is in.

-- TWiki:Main.SteveRJones - 13 Jun 2007

As far as I can tell this all works now. Closed.

[[CC]]

Closed

-- Main.SteveRJones - 29 Aug 2007 

 

ItemTemplate
Summary Find More extenstion in Configure does not work with proxy authentication. Workaround included.
ReportedBy TWiki:Main.AreAArseth
Codebase 4.1.2
SVN Range TWiki-4.1.2, Sat, 03 Mar 2007, build 13043
AppliesTo Engine
Component Configuration
Priority Normal
CurrentState Closed
WaitingFor

Checkins

TargetRelease minor
ReleasedIn

Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatdiff EXTENDdotpm_patch_to_fix_proxyheader_additions.diff r1 manage 0.3 K 2007-06-12 - 16:44 UnknownUser Patch for EXTEND where proxies were adding errant header data
Unknown file formatpatch proxy_auth.patch r1 manage 1.5 K 2007-03-07 - 12:37 AreAArseth Patch for perl stuff in UI
Edit | Attach | Watch | Print version | History: r17 < r16 < r15 < r14 < r13 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r17 - 2007-08-29 - SteveRJones
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback