Defect #5317

projects.atom with required authentication

Added by Harald Klimach over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:2010-04-14
Priority:NormalDue date:
Assignee:Eric Davis% Done:

100%

Category:Feeds
Target version:0.9.5
Resolution:Fixed Affected version:0.9.3

Description

We are running a redmine deployment with required authentication.
Most RSS feeds seem to work in this setup, but the link to the feed from
the projects page ends up at the login page, when not requested from
the browser with a valid session.

Used software:
mysql Ver 14.14 Distrib 5.1.37, for debian-linux-gnu (x86_64)
ruby 1.8.7
rails 2.3.5

The message in the logs boils down to:

Filter chain halted as [:check_if_login_required] rendered_or_redirected.

I searched for this issue, but did only find #2078, which in fact would be also nice to have.

issue5317_svn_3774.diff Magnifier (1.4 KB) Greg Mefford, 2010-06-19 18:35

5317_permissions.diff Magnifier (687 Bytes) Greg Mefford, 2010-06-19 19:07

5317_auto_discovery.diff Magnifier (745 Bytes) Greg Mefford, 2010-06-19 19:07


Related issues

Related to Redmine - Defect #6132: Allow Key based authentication in the Boards atom feed Closed 2010-08-13

Associated revisions

Revision 3776
Added by Eric Davis over 7 years ago

Add ATOM auto discovery link to the Projects list. #5317

Contributed by Greg Mefford

Revision 3777
Added by Eric Davis over 7 years ago

Accept key authentication to ProjectsController#index (for feeds). #5317

Contributed by Greg Mefford

History

#1 Updated by Harald Klimach over 7 years ago

Hi there,
just wanted to report, that this issue still persists after the upgrade to 0.9.4.

#2 Updated by Moritz Spindelhirn over 7 years ago

Yep,
I confirm that it is still present in 0.9.4.

#3 Updated by Felix Schäfer over 7 years ago

Could you tell us more about your setups, especially the source of your redmine (i.e. downloaded from redmine.org or installed from a debian package)?

#4 Updated by Moritz Spindelhirn over 7 years ago

I´m sorry but I cannot give you this information because my hoster installed it.

I see what I can do to get it ;)

#5 Updated by Felix Schäfer over 7 years ago

Moritz: I have a somewhat sure way to find it out if you have access to the redmine files on your server. Have a look at redmine_dir/config/initializers/40_email.rb, if it looks for the file email.yml in redmine_dir/config/email.yml it's stock, if it looks in /etc/redmine it's the deb.

#6 Updated by Moritz Spindelhirn over 7 years ago

Ok, thanks.
It looks for config/email.yml, so it isnt the db package.

#7 Updated by Felix Schäfer over 7 years ago

Just confirmed that on r3764.

#8 Updated by Felix Schäfer over 7 years ago

  • Assignee set to Eric Davis
  • Target version set to 0.9.5

Add :index to source:trunk/app/controllers/projects_controller.rb#L30, i.e. change:

  accept_key_auth :activity

to:

  accept_key_auth :activity, :index

@Eric: Could you push that to trunk?

#9 Updated by Felix Schäfer over 7 years ago

Felix Schäfer wrote:

@Eric: Could you push that to trunk?

And while we're at it, I think it wouldn't hurt having the ATOM link for the project index in the header, i.e. add the following to source:trunk/app/views/projects/index.rhtml :

<% content_for :header_tags do %>
<%= auto_discovery_link_tag(:atom, {:action => 'index', :format => 'atom', :key => User.current.rss_key}) %>
<% end %>

Thanks :-)

#10 Updated by Harald Klimach over 7 years ago

Hi,
sorry for the somewhat late reply, and thanks for looking at this issue.
I'm following the SVN repository, but only update to tagged releases, so
no debian specific stuff is involved.
I applied the both modifications (to 0.9.4), and the problem is gone.

Thanks a lot!

#11 Updated by Greg Mefford over 7 years ago

To reproduce from a clean install of trunk:

  1. Administration -> Settings -> Authentication -> Check "Authentication Required." -> Click "Save"
  2. Create a test project
  3. Go to list of projects
    • There should be no "Atom" icon in the browser address bar
  4. Click the "Atom" link at the bottom of the projects page
    • Should see the Atom feed
  5. Copy the URL from the address bar
  6. Click "Log Out"
  7. Paste the URL back in the address bar
    • Should see the login page

After applying the patch:

  1. Log in and get the link to the Atom feed from the projects list
    • Should see the RSS/Atom auto-discovery icon in the address bar (although it looks like Chrome doesn't work)
  2. Log back out
    • Should see the Atom feed now

#12 Updated by Greg Mefford over 7 years ago

Split up the authentication fix from the auto_discovery fix.

#13 Updated by Eric Davis over 7 years ago

  • Status changed from New to Resolved
  • % Done changed from 80 to 100
  • Resolution set to Fixed

Committed both the auto discovery link and key authentication in r3776 and r3777. Thank you.

#14 Updated by Eric Davis over 7 years ago

  • Status changed from Resolved to Closed

Merged into 0.9-stable.

Also available in: Atom PDF