Perl 6 - the future is here, just unevenly distributed

IRC log for #webwork, 2012-08-15

| Channels | #webwork index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
12:37 djun joined #webwork
13:52 djun_ joined #webwork
14:07 aubreyja joined #webwork
14:31 goehle joined #webwork
15:39 goehle hey aubreyja
15:41 aruether joined #webwork
15:41 aubreyja Morning
15:42 aruether Good morning
15:42 goehle mornin
15:43 goehle been tracking down more css stuff
15:43 aubreyja cool -
15:43 goehle if you go to a set using your server
15:43 goehle and if you look at the Set Info box
15:43 goehle is the "info-box" div surrounded by an "info-wrapper" div
15:43 goehle ?
15:44 aubreyja Yes, I think that's right.
15:44 goehle it should be, to be consistent with other uses of the info-box div
15:44 aubreyja aruether - feel free to jump in if you have any questions
15:45 goehle it wasn't for my server, which was causing wierdness
15:45 aruether Thanks
15:45 aruether I was working on a CAS authentication module for WeBWorK and wondered if someone could point me in the right direction
15:45 aruether I am close, but can't get WeBWorK to redirect to the CAS login server
15:45 goehle not me, I can't even get the existing ldap authentication to work
15:45 aubreyja Ah, sure - we were just looking at authen stuff yesterday.
15:46 aubreyja so, what do you have so far -
15:46 aubreyja e.g., have you started Authen submodule?
15:47 aruether Based on the Authen::MercedCAS module (http://webwork.maa.org/wiki/Authentication), I essentially wrote out the check_cas function
15:47 aruether I verified that Authen.pm is calling my submodule WeBWorK::Authen::CAS
15:47 aruether I am generating the correct CAS URL
15:48 aruether The problem is that I don't know how to tell WeBWorK to redirect to the CAS login server
15:48 aruether In the Authen::MercedCAS module it shows $self->{redirect} = $go_to; but that doesn't work for me
15:49 aubreyja The request to the remote CAS server probably needs to be handled by a CPAN module
15:49 aubreyja what do they have in their use statements at the top?
15:49 aruether I am using the CPAN module, but all that does is create the URL and verify the CAS ticket is correct
15:49 aubreyja e.g. our Authen::LDAP module uses Net::LDAP for the actual query to the remote server
15:50 aubreyja ah, maybe I'm misunderstanding what you want to do
15:50 aubreyja LDAP just sends credentials, but you want to redirect them to a login page for the CAS server?
15:51 aruether Yes -- that's it
15:51 aruether With CAS, the application server (in this case, WeBWorK) never sees the credentials
15:51 aubreyja ok - also, is there something atypical about Merced's CAS set up that you can't just swap out the details?
15:53 aruether No -- it is typical.  I basically did a copy and paste.  They did not supply the check_cas method, so I wrote my own (which is not hard), but the redirect statement doesn't seem to work
15:53 aubreyja just a sec - phone call
15:59 aubreyja sorry, back - maybe it has to be $self->reply_with_redirect($authen->{redirect});
16:00 aruether Thanks -- I just tried it and got the following error:
16:01 aruether Global symbol "$authen" requires explicit package name at /opt/webwork/webwork2/lib/WeBWorK/Authen/CAS.pm line 79.
16:01 aruether (I'm not familiar with $authen)
16:05 aubreyja just looking at Authen.pm to refresh my memory
16:08 aruether I do see the reply_with_redirect function in ContentGenerator.pm
16:09 aubreyja ok, so $self->{redirect}  is only used in Logout.pm to redirect students back to the login page
16:10 aubreyja how are they using it in MercedCAS.pm?
16:11 aruether If the user isn't already authenticated, and they aren't coming in with an existing CAS ticket, the MercedCAS routine redirects the user to the CAS login page
16:11 aruether Which will return back to the same WeBWorK page but with a ticket
16:12 aubreyja ok, with Shibboleth.pm this is handled in the apache config it looks like
16:15 aubreyja Also, that's what the Cosign authen module does too
16:17 aruether I did see that Cosign protects directories
16:17 aruether I thought both also used $self->redirect for logouts (e.g. Shibboleth  forget_verification)
16:18 aubreyja Does this seem right to you? Apache gets the request, the location directive checks for CAS/Shib/Cosign authentication, if not go to CAS/Shib/Cosgin login page to get ticket, and come back.  When coming back with a ticket get passed to the webwork handler.
16:18 aruether Yes -- that makes sense
16:18 aubreyja I'll have a look
16:18 aruether So the entire site is password protected?
16:19 aruether NOt just at the course level?
16:19 aubreyja ah, yes - with shibboleth there is
16:19 aubreyja $self->[redirect} = $r->{shibboleth}{logout_script}
16:20 aruether Yes, in Cosign, too: $self->{redirect} = $r->ce->{cosign_logout_script};
16:20 aubreyja logout_script is documented above and is of the form /Shibboleth.sso/Logout"?return="...
16:21 aubreyja ok, so in Logout.pm that goes into $r->reply_with_redirect(….)
16:21 aubreyja You can choose to protect the entire site, or just /webwork2/ or just /webwork2/*/ I think
16:22 aubreyja For example, in the Cosign documentation there is <LocationMatch "/webwork/math-[0-9]+/">
16:23 aruether OK, so if the users enters any course page, they will get redirected to the CAS login page via Apache
16:23 aruether When they return to WeBWorK from CAS, they will come back to the course page with a ticket
16:23 aruether and the CAS module will verify the ticket and let them in
16:23 aruether I think that will work
16:24 aubreyja Yeah - i think so too.  So, I think the easiest route might be to ask some one at your place for an example apache location directive that they use on, say, blackboard
16:24 aruether I will give it a try and see if we can get it working this afternoon
16:24 aruether Thank you very much for your help
16:25 aubreyja Cool - no problem let me know if it works.  We'd love to get it up in the software repository if possible when it's working
16:25 aruether Yes -- when things are working I can add it
16:25 aubreyja great - thanks!
17:11 awangberg joined #webwork
17:18 aubreyja Hi awangberg! Wow, that worked!
17:39 awangberg Hi Jason.
17:51 djun joined #webwork
18:10 goehle left #webwork
18:12 aubreyja Hi djun - Drupal?
18:12 djun Hey Jason
18:12 djun just replied to your email, but I think the mail server lost it :(
18:13 djun my math.ubc.ca account has been shut down, and mail is getting forwarded to stat.ubc.ca
18:13 djun but mail MUA tried sending from the math account
18:13 djun Anyway, the gist of what I said in the email is:
18:14 djun I'd use the latest tar ball  for Drupal 7, from drupal.org
18:14 djun Apache, PHP, MySQL I'd get using Apt
18:14 djun Drupal doesn't need the bleeding edge or anything
18:14 djun apache 1.3.x or 2.x
18:15 djun php 5.3 or better
18:15 djun mysql 5.0.15 or better, with PDO support
18:15 aubreyja k - will do.  We've got all of that from apt. I'm just going to put it on webwork.maa.org.  If I set you up as the admin would that be everything you need or are there plugins, extensions, etc. I should also install?
18:15 djun you'll need mod_rewrite for apache
18:16 djun otherwise only pretty standard things, iirc
18:16 djun on the drupal side:
18:16 djun i'd use Drush (see contrib modules) for maintenance and generally poking about
18:17 djun Make sure you are set up to use virtual hosts easily on the apache side
18:17 djun this makes life much easier when you do stage/production rollovers, set up test/dev servers, etc, and when you add additional sites
18:18 djun Set up Drupal using the multisite setup (all customization goes in the sites directory)
18:18 djun I generally have directories /var/www/drupal-code  and /var/www/drupal-contrib
18:19 djun each of those has directories for the version: drupal6, drupal7, drupal8 etc.
18:19 djun in the contrib directory, i have a directory for modules, and one for themes
18:20 djun to install a new module, untar into the modules folder, same for themes, or use drush
18:21 djun i usually set up a symlink  /var/www/drupal-core/drupal7/drupal7x -> ./drupal-7.x.y
18:21 djun this makes it easy to update: just dump in the new core, change the symlink, and run the update script
18:22 djun hope this helps :)
18:23 aubreyja Would you be more comfortable setting it up yourself?  I can certainly do all of this, but maybe it would be useful for you to have a shell account especially if we start customizing it heavily for the course browser and other things.
18:24 aubreyja But also, I don't want you to get over burdened
18:24 djun i'd be happy to jump in, if you like :)
18:26 aubreyja ok, formally speaking I should probably ok it with John Wyatt before I create a new admin account on the server - so I'll write to him and get back to you with credentials.
18:27 djun great
18:29 djun i'm heading off to the cafe to work there for a while. Back in about 30min
18:29 aubreyja ttyl
18:33 djun joined #webwork
19:00 _ilbot joined #webwork
19:00 Topic for #webwork is now WeBWorK (http://webwork.maa.org) is an open-source online homework system for math and sciences courses. WeBWorK is supported by the MAA and the NSF. | Release notes: http://goo.gl/Ry5HN | Channel logged at http://goo.gl/jELTn
19:08 djun joined #webwork
19:21 dbrianwalton joined #webwork
20:39 djun joined #webwork
21:27 aubreyja Hi djun - have sec?
21:27 djun hey
21:27 djun sure
21:29 aubreyja I'm trying to figure out in Authen.pm - under what conditions the user's session key might be different from the key in the params, and what to do in that case besides croaking
21:29 djun just having a look
21:29 aubreyja https://github.com/openwebwork/webwork2-dev/blob/master/lib/WeBWorK/Authen.pm
21:30 aubreyja is where I'm looking, lines 346+
21:31 aubreyja that's new code and I don't think it's doing the best thing
21:35 aubreyja actually, on my server it's a croak, but here 's a warn.  Maybe that's ok
21:35 aubreyja taking the cookie key seems roughly more right than taking the params key
21:36 aubreyja but really, why even do all of this from 346 - 393?
21:37 djun hmm. where would this fail?
21:38 aubreyja seems like the old conditionals at 395 and 405 take over anyway...
21:38 djun CookieUser not defined or no user associated to request
21:38 aubreyja well, let's say I log into a course twice in two different tabs. Then I get different keys for each one.  But the new cookie replaces the new cookie
21:39 djun does this happen in the initial authentication process, or when logging out?
21:39 djun it's been so long since i've looked at raw http  :)
21:39 djun what's the sequence of events in authenticating?
21:40 djun 1) browser sends a request for a page, with no cookie headers
21:40 aubreyja in the initial authentication process there is no cookie, so these can only conflict for returning users (different keys) or somebody trying to log in as a new user on a browser with an unexpired session key
21:41 djun 2) server replies with authentication page and cookie
21:41 aubreyja the cookie I think is not set until the user logs in
21:41 djun does the "act as <user>" mess about with the cookie?
21:42 aubreyja no, that sets an 'effectiveUser' internally but the cookie is <user>\tab<key>\tab<timestamp>
21:43 aubreyja so there is always an effectiveUser url parameter, but it's never used in the Authen stuff
21:43 djun OK, that makes sense
21:44 djun and $r is the request object; where is the user parameter set there?
21:45 aubreyja to me, it looks like this new code runs, sets a bunch of things and complains rudely if things don''t match, but then those things get re-set in the following two conditionals anyway, so the net effect is only potential rude complaining.
21:45 aubreyja right $r contains 'all' of the request data. It's an apache request object with some webwork stuff added in
21:48 djun the credential_source is set if there is a conflict… but it doesn't look like that is checked again anywhere
21:50 aubreyja hmm, right - maybe Bill Wheeler's LTI stuff uses it, but isn't that also going to end up being redefined by 395 and then possibly 405?
21:51 djun the code returns before that, with a value 1
21:52 aubreyja ah, right - let me check the LTI module
21:54 aubreyja well, do you see anywhere that value is used?
21:56 djun looks like the only place where get_credentials returns false is if guest authentication fails.
21:57 aubreyja Right, and I only see two line where $self->[credential_source} is compared to anything, but
21:57 djun yeah
21:57 djun hang on
21:57 djun brb
21:57 aubreyja it only matters if it eq 'cookie' or ne 'cookie'
21:58 djun joined #webwork
21:58 djun back
22:00 djun looks to me like credential_source is used only for logging
22:00 aubreyja yeah, and I just disabled that whole conditional because I don't see what it adds but it's producing a lot of error messages and I keep getting asked about them
22:01 djun the warn/croak messages?
22:02 djun at the very least the code could probably be simplified. looks like it is just storing away some values
22:02 djun i have to confess i find the whole authentication model for WW kinda confusing and irritating in practice :)
22:03 aubreyja the whole conditional clause responding to if they are both defined
22:03 aubreyja and, I managed to do the thing that reproduces the error and got no error, just back to the login page
22:03 djun this is a bugzilla bug, I take it?
22:04 aubreyja the authentication stuff could probably use some reworking and updating
22:04 aubreyja No, it's new code that came with Bill's LTI module, but nobody has complained about it yet. I've got to run, but I'll probably put in a bug report
22:04 djun gotta run too
22:05 djun will be back later/tomorrow
22:05 aubreyja thanks for your help, ttyl
22:05 djun talk soon
22:15 aubreyja left #webwork
22:26 djun joined #webwork

| Channels | #webwork index | Today | | Search | Google Search | Plain-Text | summary