I would like to integrate an issue tracker (Mantis) with RhodeCode and need to access the changeset information of a password-protected repository. I'm not having success using an URL with basic authentication (in the format "https://<username>:<password>@server"). Is there an alternative way to access the information I need?
This is exactly the plugin I would like to use. Sorry if I'm not familiar with Python enough to do this change, but as the plugin will make a request to /raw-changeset, is it enough to add @LoginRequired(api_access=True) to the changeset.py file and then restart RhodeCode?
But beware It will enable api access to all funcitons in that controller, if you want to just enable it for raw-changes you must move the @LoginRequired from __before__ method into each controller function and enable api access just for https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da...
This is exactly what I want but unfortunately I'm unable to understand anything in this code.I'm zero in programming.Do you have any sample? Can you please help me?
> But beware It will enable api access to all funcitons in that controller, > if you want to just enable it for raw-changes you must move the > @LoginRequired from __before__ method into each controller function and > enable > api access just for > https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da...
2012-07-05 13:56:46.367 INFO [rhodecode.lib.base] User: <AuthUser('id:2:thirumalai|None')> accessed / 2012-07-05 13:56:46.367 WARNI [rhodecode.lib.auth] user <AuthUser('id:2:thirumalai|None')> NOT authenticated on func: HomeController:__before__ 2012-07-05 13:56:46.370 INFO [rhodecode.lib.base] Request to / time: 0.067s
> As Marcin Kuzminski mentioned in previous post "if you want to just > enable it for raw-changes you must move the @LoginRequired from __before__ > method into each controller function and enable > api access just for > https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da..."
> This is exactly what I want but unfortunately I'm unable to understand > anything in this code.I'm zero in programming.Do you have any sample? > Can you please help me?
> Thanks, > Thirumalai.
> On Wednesday, January 18, 2012 3:13:07 AM UTC+5:30, Marcin Kuzminski wrote:
>> But beware It will enable api access to all funcitons in that controller, >> if you want to just enable it for raw-changes you must move the >> @LoginRequired from __before__ method into each controller function and >> enable >> api access just for >> https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da...
>> As Marcin Kuzminski mentioned in previous post "if you want to just >> enable it for raw-changes you must move the @LoginRequired from __before__ >> method into each controller function and enable >> api access just for >> https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da..."
>> This is exactly what I want but unfortunately I'm unable to understand >> anything in this code.I'm zero in programming.Do you have any sample? >> Can you please help me?
>> Thanks, >> Thirumalai.
>> On Wednesday, January 18, 2012 3:13:07 AM UTC+5:30, Marcin Kuzminski >> wrote:
>>> But beware It will enable api access to all funcitons in that >>> controller, if you want to just enable it for raw-changes you must move the >>> @LoginRequired from __before__ method into each controller function and >>> enable >>> api access just for >>> https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da...
I commented container_auth_enabled = false and proxypass_auth_enabled = false in production.ini.After that,I tried with restart but it was not working.Later I noticed I'm trying to list all repositories.So I tried with display changeset alone(API) and it worked fine.
I tried the same with Mantis integration but it was not working.Fine,I did the following in Rhodecode.
After this configuration I tried to pull repository from Mantis and it worked fine.I surprised and I don't know,How it was worked without any password. I tried to verify manually with default:default but it was not working..
How mantis can able to connect rhodecode without any username/password??Now I'm breaking my hand to know the root cause. Can you help me?
My objective is,Rhodecode private repository need to connect with Mantis.
>>> As Marcin Kuzminski mentioned in previous post "if you want to just >>> enable it for raw-changes you must move the @LoginRequired from __before__ >>> method into each controller function and enable >>> api access just for >>> https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da..."
>>> This is exactly what I want but unfortunately I'm unable to understand >>> anything in this code.I'm zero in programming.Do you have any sample? >>> Can you please help me?
>>> Thanks, >>> Thirumalai.
>>> On Wednesday, January 18, 2012 3:13:07 AM UTC+5:30, Marcin Kuzminski >>> wrote:
>>>> But beware It will enable api access to all funcitons in that >>>> controller, if you want to just enable it for raw-changes you must move the >>>> @LoginRequired from __before__ method into each controller function and >>>> enable >>>> api access just for >>>> https://secure.rhodecode.org/rhodecode/files/1ff606a7858dbd8a5f70b3da...
If you can access the page http://$server$/$repository$/raw-changeset/tip without logging in (perhaps clear your cache), then you have enough access to get the info into Mantis.
Ton
Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het volgende:
> I would like to integrate an issue tracker (Mantis) with RhodeCode and > need to access the changeset information of a password-protected > repository. I'm not having success using an URL with basic authentication > (in the format "https://<username>:<password>@server"). Is there an > alternative way to access the information I need?
I'm able to access page http://$server$/$repository$/raw-changeset/tip without logging in.Yes,mantis is working fine but I want to make sure,Will it lead to any security flow?.I mean,anyone can able to access my repository without permission?
On Monday, July 9, 2012 12:21:08 PM UTC+5:30, Ton wrote:
> Let me chime in.
> If you can access the page http://$server$/$repository$/raw-changeset/tip > without logging in (perhaps clear your cache), then you have enough access > to get the info into Mantis.
> Ton
> Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het > volgende:
>> Hi,
>> I would like to integrate an issue tracker (Mantis) with RhodeCode and >> need to access the changeset information of a password-protected >> repository. I'm not having success using an URL with basic authentication >> (in the format "https://<username>:<password>@server"). Is there an >> alternative way to access the information I need?
> I'm able to access page http://$server$/$repository$/raw-changeset/tip > without logging in.Yes,mantis is working fine but I want to make sure,Will > it lead to any security flow?.I mean,anyone can able to access my > repository without permission?
> Thanks,
> Thirumalai.
> On Monday, July 9, 2012 12:21:08 PM UTC+5:30, Ton wrote:
>> Let me chime in.
>> If you can access the page http://$server$/$repository$/raw-changeset/tip >> without logging in (perhaps clear your cache), then you have enough access >> to get the info into Mantis.
>> Ton
>> Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het >> volgende:
>>> Hi,
>>> I would like to integrate an issue tracker (Mantis) with RhodeCode and >>> need to access the changeset information of a password-protected >>> repository. I'm not having success using an URL with basic authentication >>> (in the format "https://<username>:<password>@server"). Is there an >>> alternative way to access the information I need?
On Monday, July 9, 2012 9:31:50 AM UTC+2, Thirumalai Kandasami wrote:
> Hi Ton,
> Thanks for your quick reply.
> I'm able to access page http://$server$/$repository$/raw-changeset/tip > without logging in.Yes,mantis is working fine but I want to make sure,Will > it lead to any security flow?.I mean,anyone can able to access my > repository without permission?
> Thanks,
> Thirumalai.
> On Monday, July 9, 2012 12:21:08 PM UTC+5:30, Ton wrote:
>> Let me chime in.
>> If you can access the page http://$server$/$repository$/raw-changeset/tip >> without logging in (perhaps clear your cache), then you have enough access >> to get the info into Mantis.
>> Ton
>> Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het >> volgende:
>>> Hi,
>>> I would like to integrate an issue tracker (Mantis) with RhodeCode and >>> need to access the changeset information of a password-protected >>> repository. I'm not having success using an URL with basic authentication >>> (in the format "https://<username>:<password>@server"). Is there an >>> alternative way to access the information I need?
> Well if no-one will steal the api_key then you're pretty safe i guess.
> You can always make IP restrictions on certain url, for extra security > layer.
> On Monday, July 9, 2012 9:31:50 AM UTC+2, Thirumalai Kandasami wrote:
>> Hi Ton,
>> Thanks for your quick reply.
>> I'm able to access page http://$server$/$repository$/raw-changeset/tip >> without logging in.Yes,mantis is working fine but I want to make sure,Will >> it lead to any security flow?.I mean,anyone can able to access my >> repository without permission?
>> Thanks,
>> Thirumalai.
>> On Monday, July 9, 2012 12:21:08 PM UTC+5:30, Ton wrote:
>>> Let me chime in.
>>> If you can access the page >>> http://$server$/$repository$/raw-changeset/tip without logging in (perhaps >>> clear your cache), then you have enough access to get the info into Mantis.
>>> Ton
>>> Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het >>> volgende:
>>>> Hi,
>>>> I would like to integrate an issue tracker (Mantis) with RhodeCode and >>>> need to access the changeset information of a password-protected >>>> repository. I'm not having success using an URL with basic authentication >>>> (in the format "https://<username>:<password>@server"). Is there an >>>> alternative way to access the information I need?
> Op maandag 9 juli 2012 13:08:00 UTC+2 schreef Marcin Kuzminski het > volgende:
>> Hi,
>> Well if no-one will steal the api_key then you're pretty safe i guess.
>> You can always make IP restrictions on certain url, for extra security >> layer.
>> On Monday, July 9, 2012 9:31:50 AM UTC+2, Thirumalai Kandasami wrote:
>>> Hi Ton,
>>> Thanks for your quick reply.
>>> I'm able to access page http://$server$/$repository$/raw-changeset/tip >>> without logging in.Yes,mantis is working fine but I want to make sure,Will >>> it lead to any security flow?.I mean,anyone can able to access my >>> repository without permission?
>>> Thanks,
>>> Thirumalai.
>>> On Monday, July 9, 2012 12:21:08 PM UTC+5:30, Ton wrote:
>>>> Let me chime in.
>>>> If you can access the page >>>> http://$server$/$repository$/raw-changeset/tip without logging in (perhaps >>>> clear your cache), then you have enough access to get the info into Mantis.
>>>> Ton
>>>> Op dinsdag 17 januari 2012 22:07:02 UTC+1 schreef Douglas José het >>>> volgende:
>>>>> Hi,
>>>>> I would like to integrate an issue tracker (Mantis) with RhodeCode and >>>>> need to access the changeset information of a password-protected >>>>> repository. I'm not having success using an URL with basic authentication >>>>> (in the format "https://<username>:<password>@server"). Is there an >>>>> alternative way to access the information I need?
