Files
@ 9f976d75b04c
Branch filter:
Location: kallithea/docs/usage/troubleshooting.rst - annotation
9f976d75b04c
2.3 KiB
text/prs.fallenstein.rst
auth: restore anonymous repository access
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 4e6dfdb3fa01 8b8edfc25856 aa90719e8520 4e6dfdb3fa01 8b8edfc25856 8b8edfc25856 aa90719e8520 aa90719e8520 4e6dfdb3fa01 4e6dfdb3fa01 aa90719e8520 aa90719e8520 8b8edfc25856 aa90719e8520 4e6dfdb3fa01 4e6dfdb3fa01 8b8edfc25856 8b8edfc25856 aa90719e8520 aa90719e8520 4e6dfdb3fa01 4e6dfdb3fa01 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 4e6dfdb3fa01 aa90719e8520 aa90719e8520 aa90719e8520 aa90719e8520 4e6dfdb3fa01 4e6dfdb3fa01 aa90719e8520 aa90719e8520 aa90719e8520 03bbd33bc084 4e6dfdb3fa01 4e6dfdb3fa01 4e6dfdb3fa01 4e6dfdb3fa01 4e6dfdb3fa01 4e6dfdb3fa01 aa90719e8520 aa90719e8520 aa90719e8520 03bbd33bc084 03bbd33bc084 aa90719e8520 af2059eead28 af2059eead28 af2059eead28 03bbd33bc084 4a99684543f7 4a99684543f7 4a99684543f7 4a99684543f7 84d2a9aaa1a4 4e6dfdb3fa01 4a99684543f7 af2059eead28 aa90719e8520 aa90719e8520 cc21a2b86a30 aa90719e8520 aa90719e8520 aa90719e8520 | .. _troubleshooting:
===============
Troubleshooting
===============
:Q: **Missing static files?**
:A: Make sure either to set the ``static_files = true`` in the .ini file or
double check the root path for your http setup. It should point to
for example:
``/home/my-virtual-python/lib/python2.7/site-packages/kallithea/public``
|
:Q: **Can't install celery/rabbitmq?**
:A: Don't worry. Kallithea works without them, too. No extra setup is required.
Try out the great Celery docs for further help.
|
:Q: **Long lasting push timeouts?**
:A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts
are caused by the http server and not Kallithea.
|
:Q: **Large pushes timeouts?**
:A: Make sure you set a proper ``max_body_size`` for the http server. Very often
Apache, Nginx, or other http servers kill the connection due to to large
body.
|
:Q: **Apache doesn't pass basicAuth on pull/push?**
:A: Make sure you added ``WSGIPassAuthorization true``.
|
:Q: **Git fails on push/pull?**
:A: Make sure you're using a WSGI http server that can handle chunked encoding
such as ``waitress`` or ``gunicorn``.
|
:Q: **How can I use hooks in Kallithea?**
:A: It's easy if they are Python hooks: just use advanced link in
hooks section in Admin panel, that works only for Mercurial. If
you want to use Git hooks, just install th proper one in the repository,
e.g., create a file `/gitrepo/hooks/pre-receive`. You can also use
Kallithea-extensions to connect to callback hooks, for both Git
and Mercurial.
|
:Q: **Kallithea is slow for me, how can I make it faster?**
:A: See the :ref:`performance` section.
|
:Q: **UnicodeDecodeError on Apache mod_wsgi**
:A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror.
|
:Q: **Requests hanging on Windows**
:A: Please try out with disabled Antivirus software, there are some known problems with Eset Antivirus. Make sure
you have installed the latest Windows patches (especially KB2789397).
.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _mercurial: https://www.mercurial-scm.org/
.. _celery: http://celeryproject.org/
.. _rabbitmq: http://www.rabbitmq.com/
.. _python-ldap: http://www.python-ldap.org/
|