Re: [sahana-projects] Blue Print for Mobile Clients

[Fran Boon]

Thanks, good to see the progress.

I'm not sure what you mean by 'connect' when discussing the
difficulties you're facing...does the URL work in a browser?
Do you have basic Internet connectivity running OK from the client?

Best Wishes,
Fran.


On 10 October 2012 09:23, Altaf Hussain Palanawala <aspa...@ncsu.edu> wrote:
> Hello Fran,
>
> We would like to apologize for not updating Sahana group with our work
> progress on a timely basis. We were actively working on the project till the
> last week when some individual work commitments took most of our times which
> interrupted our project work.
>
> However, we were able to accomplish quite a few things during this period.
> We installed the eclipse plugin for android development and got our emulator
> running for a simple android application.
>
> We were able to install the ODK Collect Client and got it running on the
> emulator. We followed the installation steps mentioned in the Developer
> guidelines ( and also read User guidelines ) for the Blue Print project
> which helped us to get the Sahana Eden Server up and successfully running on
> our local machines.
>
> We tried to connect the server using the ODK Collect Client from the
> emulator but failed to succeed in that. We tried to change the IP address of
> the ODK Collect Client in the emulator as it was trying to connect to some
> other remote IP address, but still we could not manage to connect the
> client. So, we looked into the "xforms.py" file and tried to learn what the
> code does in order to fix this.
>
> Since we were not able to connect, we thought to post this on Sahana Eden
> forums but due to some immediate deadlines we couldn't do so. So, could you
> please let us know if we are moving on the right track or what could be the
> plausible reasons for our errors?
>
> We plan to finish our design discussion soon and update the Sahana group for
> some valuable inputs.
>
>
>
>
> --
> Regards,
> Altaf Hussain
> NC State University.
>

[Fran Boon]

On 10 October 2012 09:56, Altaf Hussain Palanawala <aspa...@ncsu.edu> wrote:
> The local host URL ( on port 8000 ) is working great in the web browser. And
> the client is also supporting basic Internet connectivity.
> By "connect" we meant that we were trying to connect the Sahana server
> through the ODK Collect Client by configuring its server's IP address to
> "127.0.0.1:8000" to generate forms. Since both the client and the server are
> in same network, we assumed that it should be able to identify Sahana server
> and respond, but it could not connect to the above address.
> So, could you please tell us if we are interpreting the client - server
> model correctly or if there is some other way to follow the connectivity?

This seems like a basic TCP/IP networking issue then?
I suspect that the Android emulator's concept of 127.0.0.1 is
different to that for the host PC.
I don't know if it is possible to work around that - you'd need to
research within the Android emulator community (& pls report back any
findings to the Eden Wiki).
Alternatively, you could put the Eden instance onto a Public IP & thus
access from the Emulator like that...

Best Wishes,
Fran.

[Pat Tressel]

> The local host URL ( on port 8000 ) is working great in the web browser. And the client is also supporting basic Internet connectivity.

> By "connect" we meant that we were trying to connect the Sahana server through the ODK Collect Client by configuring its server's IP address to "127.0.0.1:8000" to generate forms. Since both the client and the server are in same network, we assumed that it should be able to identify Sahana server and respond, but it could not connect to the above address.

This seems like a basic TCP/IP networking issue then?
I suspect that the Android emulator's concept of 127.0.0.1 is
different to that for the host PC.
I don't know if it is possible to work around that - you'd need to
research within the Android emulator community (& pls report back any findings to the Eden Wiki).
Alternatively, you could put the Eden instance onto a Public IP & thus access from the Emulator like that...

Try using your local machine's assigned IP address (public or not).

For Windows:
Open a command prompt window and enter:
ipconfig
Find the Local Area Connection.

Alternative for Windows not using command prompt (I'm using the English names -- translations might not match the words here):
Control panel -> Network and Sharing
In the "active networks" section, for the entry providing your Internet connection ("Access type: Internet"), follow the "Local Area Network" link (on the right).  On the Local Area Connection popup, go to Details.  The IPv4 address should be there.

For Linux, the command is ifconfig, but you might have to hunt for the path.  For Debian:
/sbin/ifconfig

For Mac, it should also be ifconfig.

You can check that there isn't a separate issue with ODK Collect by trying the Eden address in the Android browser running in the emulator.

I have to sign off, so can't try this just now.  (I don't have anything that uses ODK Collect, but can try it from the Android browser.)  Let us know if it works, or if you find another way to refer to your local machine.

If you're not on the sahana-eden mailing list, it would be useful to subscribe.  Fran is forwarding your messages, but you might not get replies, and others on the list might be able to help while Fran is offline.

http://wiki.sahanafoundation.org/doku.php?id=community:mailing_lists#sahana-eden

-- Pat

[Parikshit Deshpande]

Hi All,

Let me introduce myself as Parikshit from N.C.State. 

I am working with Altaf and Prajakta on E603 - Blueprints for Mobile clients. 

We were able to make some progress after Fran's suggestion. 

We tried to deploy sahana server on to a public IP ( http://152.46.20.206:8000/ --> It should still be up and running )

and connect it from Sahana ODK client. 

We were able to get past the connection and no error was shown. 

We are able to access this even from the browser on the emulator. 

We could not however get any forms as we assume the database isnt setup yet. 

Are there anything explicit steps to get this done ? We saw there a bunch of .table files in database folder and we were figuring a way 

as to run them. I assume our next activity would be to get the current forms to work, and see if submission of them works. We can then move on to the customizations on them.

As we will keep looking in the same, any help for the regarding this would be appreciated. 

Thank you Fran and Pat for looking into the previous issue. 

Thanks and Regards,

Parikshit.

[Pat Tressel]

Hi, Parikshit!

We tried to deploy sahana server on to a public IP ( http://152.46.20.206:8000/ --> It should still be up and running )

Great!  Yes, I can view pages on your site.
 

and connect it from Sahana ODK client. 

We were able to get past the connection and no error was shown. We are able to access this even from the browser on the emulator. 

We could not however get any forms as we assume the database isnt setup yet. 

The database appears to be working, and I'm seeing what I expect on your server, except for the map, which doesn't display.  That might be a configuration problem, or maybe the security level has been set so I can't see it while not logged in.  I don't see a gis config record # 1, but maybe I don't have permission to see that either.

Are there anything explicit steps to get this done ? We saw there a bunch of .table files in database folder and we were figuring a way as to run them.

The .table files are used by Web2py to record the database schema.  It uses this to tell when the schema has changed, so it can handle (some) database migrations.  If you have .table files, then Web2py has done the database setup and run through the models (at least the models that aren't conditionally loaded, and I see some that are conditionally loaded).
 

I assume our next activity would be to get the current forms to work, and see if submission of them works. We can then move on to the customizations on them.

Can you give us an example of a form that doesn't work?  Are you getting an error, or do you mean, you're just not sure how to create records?  Have you created accounts and logged in?  You won't see much until you add data, but you should be able to do that if you're logged in.  Your database does have some data -- I can see the country location.

Would it be ok for me to register on your server?

-- Pat

[Fran Boon]

On 11 October 2012 05:51, Parikshit Deshpande <qpar...@gmail.com> wrote:
> We could not however get any forms as we assume the database isnt setup yet.

As Pat says, the database is setup

What URL are you trying?
The correct URL is http://host/eden/xforms/formList

I see this was crashing, so have pushed a fix, and also some other
fixes for this controller...

F

[Fran Boon]

On 12 October 2012 04:19, Parikshit Deshpande <qpar...@gmail.com> wrote:
> Thank you Fran for the fix. We started the server with the latest code and
> it was working fine.
> We were able to get the forms from
> http://152.46.20.206:8000/eden/xforms/formList

Great :)

> The following forms were listed -
> Person.xml
> Shelter.xml
> Ireport.xml
> Image.xml
> Req.xml
> Out of this "Req" form failed to download.

I'm not surprised that there are still issues as this is very old code
- this is what your project is for :)

> Also when we tried "Start New Form" for the other forms which were
> downloaded, Sahana odk collect crashed

'Sahana ODK Collect'?
If you're talking about one of the previous forks of ODK which
students have worked on then they are old/unmaintained - any advances
they m,ade should have been folded back into the ODK core codebase,
but unfortunately I was powerless to assist with that process, so I'm
not sure if that ever happened.
I would start with the normal trunk ODK.

> As a test we tried to open the same from the basic ODK Collect client and
> noticed a few things :
> 1. All the forms showed id=null in their listings.
> 2. When we downloaded them, it gave the following error -
> org.javarosa.xform.parse.XFormParseException : XML Syntax error at line:1,
> column: 2!
> We are not sure if the above errors are related as they are from a different
> Collect client. Can you let us know how to proceed ?

* Have a look at the XForms to see if they are syntactically correct -
this appears to badly-formed XML.
* Engage with the ODK community to see which is the best stable
version of the ODK client to use as I would hope they could catch
badly-formed XML better and /possibly/ it's the parser that's broken
(although that seems less likely)
* Fix any bugs in the Eden Python code (& /maybe/ in the ODK Java
code, although hopefully you shouldn't need to)
- using Eclipse to set Breakpoints is highly-advised:
http://eden.sahanafoundation.org/wiki/DeveloperGuidelines/Eclipse

> Also is it possible to have a short call / audio chat to make us understand
> the flow ( form generation using xforms.py )
> and the change made to it so that we could start debugging ourselves where
> ever possible and then proceed with rest of development.
> We will be available from 9.00 AM - 11.00 AM Friday - EST and 5.30 PM - 7.00
> PM Friday EST ( If that is possible )

The best person for this might be Praneeth as he wrote the original
code...he is currently in Richmond VA, so on the same time zone as
you.

From what I can deduce from the code, the list of available Forms is
defined here (seems self-explanatory):
https://github.com/flavour/eden/blob/master/controllers/xforms.py#L306


Each form is generated here:
https://github.com/flavour/eden/blob/master/controllers/xforms.py#L9

This seems to use custom functions rather than any external library.
- I just did a little optimisation to not lookup table[fieldname] so
many times, which also hopefully makes the code a little easier to
read.
Understanding this code requires understanding Web2Py models &
validators, so reading the web2py book is recommended:
http://web2py.com/book


Forms are are submitted here:
https://github.com/flavour/eden/blob/master/controllers/xforms.py#L329

This processes the XML using the XSL stylesheet here:
https://github.com/flavour/eden/blob/master/static/formats/odk/import.xsl

This ues our std XSLT engine to do this:
http://eden.sahanafoundation.org/wiki/S3XRC/S3XML/Transformation


I'm not sure how much more I can add in a voice call, but I can try if
you feel that email isn't working for you.

Best Wishes,
Fran.

[Pat Tressel]

Just a few additional comments:

I'm not surprised that there are still issues as this is very old code - this is what your project is for :)

Think of it as an opportunity for some hacking practice.  ;-)

> Also when we tried "Start New Form" for the other forms which were > downloaded, Sahana odk collect crashed

'Sahana ODK Collect'?
If you're talking about one of the previous forks of ODK which

students have worked on then they are old/unmaintained ...

I would start with the normal trunk ODK.

There are surely advances in the current ODK that aren't in the old fork.  If you want, you can look at the revision log for the old fork to see if there were any useful changes.  But this may be a distraction.  Unless there are actual bugs in the current ODK, lt's probably better to concentrate on the Eden side, since you can much more easily make changes there and get them accepted.  If there are (what seem to be) bugs in ODK...

* Engage with the ODK community

But before reporting a bug there, do make sure you've got...

the best stable version of the ODK client to use

> 2. When we downloaded them, it gave the following error -
> org.javarosa.xform.parse.XFormParseException : XML Syntax error

Check for that error in the ODK bug reports and see if / when it was fixed.  If that was a while ago, you may have an old version.

Try all the same requests in a browser (if you haven't already) -- that can help you distinguish problems on the Eden side from problems in ODK.

* Fix any bugs in the Eden Python code ...

- using Eclipse to set Breakpoints is highly-advised:
http://eden.sahanafoundation.org/wiki/DeveloperGuidelines/Eclipse

> Also is it possible to have a short call / audio chat to make us understand the flow ( form generation using xforms.py )

It may be easier to understand if you see it happen.

Are you using Eclipse?  To start out with, set a breakpoint at the beginning of the xforms controller function and step through to where the completed result is handed off to Web2py.  Watch as it goes through the stages that Fran pointed out.  Look at the variables to see what's going into the response.

My main recommendation is ==> Go through a request that worked correctly first, and then one that didn't work.  Watch for what they do differently.  Watch for any of the things you noticed in the mal-formed results on the ODK side, like those nulls.

(I found it very instructive to step through an entire request, from where Web2py receives the request through the Eden code, and back through Web2py to where it sends out the reply, but it's likely enough to start with just the controller.)

Understanding this code requires understanding Web2Py models & validators, so reading the web2py book is recommended:
http://web2py.com/book

The Web2py book describes the lifecycle of a request briefly here:
http://web2py.com/books/default/chapter/29/04#Workflow
Look also at the descriptions of request, response, and current.

For more:
http://eden.sahanafoundation.org/wiki/DeveloperGuidelines

-- Pat

[Parikshit Deshpande]

Hi,

We proceeded further with the project and came across a few issues/findings.

We connected the debugger successfully and all requests from mobile ODK collect client or from browser were getting debugged properly. We tried submitting a form by keeping the base URL as "http://156.46.20.206:8000/eden/xforms and the submission URL as "/submission" in the ODK collect client preferences.

However, this wasn't completed and to our understanding we thought the following happened - It got redirected to the login page, which came as a 200 status code to the ODK collect client. The 200 status code check is handled in InstanceUploaderTask class of ODK Collect which displays the error - "Invalid status code on Head request.  If you have a web proxy, you may need to login to your network."

We tried this link -  "http://156.46.20.206:8000/eden/xforms/submission" from the browser and it also redirected us to the login page.

We have been trying to create an account on the Sahana Eden server so that we could use the login credentials to bypass the authentication requests but the login page seems to be broken and a ticket is getting generated we try to create an account. We would appreciate any help on this matter.

Regarding the 2 customizations,

we came across a form by adding the table - doc_image in the list of the tables in formList function and it gave an image form linked to that table. That form had an option of submitting images as attachments and from camera. Is this form the correct one to be used ?

In the mean time we are trying to figure out the changes that would be required for the other piece - location co-ordinates ( table gis_location ).

Thanks and Regards,

Parikshit Deshpande

On Wednesday, 10 October 2012 04:28:48 UTC-4, Fran wrote:

[Pat Tressel]

Parikshit --

We tried this link -  "http://156.46.20.206:8000/eden/xforms/submission" from the browser and it also redirected us to the login page.

We have been trying to create an account on the Sahana Eden server so that we could use the login credentials to bypass the authentication requests

This is a standard issue for all mobile applications that require authentication.  Supplying credentials in the http auth header is likely the right thing to do.  (I believe Dominic has recommended this in the past.)
 

but the login page seems to be broken and a ticket is getting generated we try to create an account. We would appreciate any help on this matter.

Please paste the trace from the ticket (e.g. at pastebin.ubuntu.com) and send a link.  We just need the stack trace and the error message that's shown just after the trace -- we don't need the entire script.

If it's complaining about trying to send email, then you can set up to use gmail as a mailer -- look for this in 000_config.  You'll need a gmail account to use for this.

-- Pat

[Pat Tressel]

We tried this link -  "http://156.46.20.206:8000/eden/xforms/submission" from the browser and it also redirected us to the login page.

We have been trying to create an account on the Sahana Eden server so that we could use the login credentials to bypass the authentication requests

This is a standard issue for all mobile applications that require authentication.  Supplying credentials in the http auth header is likely the right thing to do.  (I believe Dominic has recommended this in the past.)

There are some other questions to consider:

One is how to present a mobile-friendly registration screen.  It might be possible to do this via xforms.  A related issue is use of https or other encryption, so any password is not transmitted in plain text.

Another is what to do about storing the user's login info.  It is typical for mobile apps to *not ask the user* to enter their login info again -- they store it in some "safe" manner, and silently supply it to the remote end as needed.  (As mentioned, for http, that's likely the auth header.)

The app then has to deal with the possibility that the user changes their login info outside of the app, in which case, the app will get an auth failure.  It's typical for apps to ask the user to re-enter their login info in that case.  (If you have some apps that talk to a a remote site that needs a login, and you're willing to change your password at the remote site, you can see how other apps handle this.)

-- Pat

[Fran Boon]

On 17 October 2012 07:27, Pat Tressel <ptre...@myuw.net> wrote:
>>> We tried this link - "http://156.46.20.206:8000/eden/xforms/submission"
>>> from the browser and it also redirected us to the login page.

>> This is a standard issue for all mobile applications that require
>> authentication. Supplying credentials in the http auth header is likely the
>> right thing to do. (I believe Dominic has recommended this in the past.)

Correct: username & password should be provided as HTTP Basic Auth

> There are some other questions to consider:
> One is how to present a mobile-friendly registration screen. It might be
> possible to do this via xforms.

I thought that the ODK client supported saving username & password,
along with the URL of the server.
Perhaps this was something that was only in a Sahana-specific branch
which was never merged back to trunk ODK :/
- yes, here are those changes:
http://code.google.com/r/jaxtrx-edenodkcollect/source/detail?r=0e210c972d00b28b03b6e681bfa74fa97a9d57bf

F

[Fran Boon]

On 17 October 2012 06:36, Parikshit Deshpande <qpar...@gmail.com> wrote:
> We have been trying to create an account on the Sahana Eden server so that
> we could use the login credentials to bypass the authentication requests but
> the login page seems to be broken and a ticket is getting generated we try
> to create an account. We would appreciate any help on this matter.

This works here as far as I know.
Perhaps you should upgrade your Eden (I know there was a bug with
registering the 1st account with the default template a couple of
weeks ago)
If that doesn't work, then providing the error ticket would make it a
*lot* easier to help rather than guessing wildly ;)

> Regarding the 2 customizations,
> we came across a form by adding the table - doc_image in the list of the
> tables in formList function and it gave an image form linked to that table.
> That form had an option of submitting images as attachments and from camera.
> Is this form the correct one to be used ?

You could start with that one, to familiarise with the process.
I'm not sure what the current ODK client is like here but I know that
a previous NCSU project enhanced it to allow selecting an
already-taken image rather than having to take a new photo, which is
obviously far superior:
http://code.google.com/r/vinbitr-odk-collect/source/list

Once we have basic image storing working, then we'd like it to be a
linked resource.
The main problem with the current XForms interface is that it simply
takes a single table & generates an XForm from that.
However Eden models are often more complex - where a single 'resource'
is spread across multiple tables (a primary table & various
'component' tables)

So the ideal would be to have irs_ireport & it's linked doc_image as a
single form.
The ideal would be to base this off the new S3SQLForm
http://eden.sahanafoundation.org/wiki/S3SQLForm

Best Wishes,
Fran.

[Fran Boon]

On 19 October 2012 07:31, Altaf Hussain Palanawala <aspa...@ncsu.edu> wrote:
> We tried registering on the Sahana Eden server again by pulling the latest
> upgrade from github. However, we still failed to register a new account.
> When we click on the ticket generated, it redirects us to this page "
> http://152.46.20.206:8000/admin/default/index?send=%2Fadmin%2Fdefault%2Fticket%2Feden%2F152.46.20.206.2012-10-19.01-53-16.1637b975-b5a1-49cc-a8ec-671d2f84dc6c
> " which requires an admin password to view the ticket. ( The page url is
> " http://152.46.20.206:8000/admin/default/index/ " in normal case when the
> ticket is not generated ).

The admin password for the /admin application is whatever you defined
when you started web2py (either in the Tk widget or via the -a option
on the command line).
If you are still struggling to access it then the ticket is a textfile
on the filesystem:
web2py/applications/eden/errors/152.46.20.206.2012-10-19.01-53-16.1637b975-b5a1-49cc-a8ec-671d2f84dc6c

> As per Fran's suggestion we have made the changes mentioned in
> http://code.google.com/r/jaxtrx-edenodkcollect/source/detail?r=0e210c972d00b28b03b6e681bfa74fa97a9d57bf
> to our ODK collect client and it is working fine now.
> So, as per our understanding we think that if we can setup an account on the
> Eden server, then we should be able to submit the forms successfully from
> the ODK collect client. Please correct us if we have misunderstood the login
> behavior.

Hopefully!

> Also, we would like to know if there is any specific android
> version required to run the ODK Collect client. We are currently running the
> ODK Collect ".apk" file on Android 2.4.3. If this version has any
> compatibility issues, please let us know. Thank you.

My understanding is that there is good backward compatibility and that
ODK doesn't require a modern version, so you should be OK unless using
a very old version.
- however the ODK community would be able to better answer such a
query (either via Searching or posting to one of their community
channels).
If you are making changes to the Java code then suggest using an older
version of the SDK to ensure that you don't break the backwards
compatibility accidentally.
I looked at our wiki page as I guessed I would have recorded this
detail when I last looked at this & I did:
http://eden.sahanafoundation.org/wiki/DeveloperGuidelines/Mobile/Android#EditingCode
So you need a minimum of just 1.5 unless using the SMS extensions
which requires 1.6

F

[Altaf Hussain]

Hello,

We found a few more findings/issues working on the project which are listed as below:

1. As per Fran's suggestion, we tried to view the ticket ( on the redirected admin page ) using the password passed via the -a option. However, we still failed to view the ticket. We even tried to register using the local host but no success to our avail.
So, we looked into the ticket from the error directory but found it hard to decipher. Please find attached the ticket that was generated on registering to the Sahana Eden Server.
Alternately, it would be helpful if you could provide us with some dummy account which we can use as login credentials.


2. When looking into the ODK collect code for authentication we found that on form submission, the server gets redirected to the login page and returns an HTTP code of 200 which causes an exception to be thrown. We also tried to execute the "curl" command with a sample xml file to see if the form is getting submitted. This command also redirected us to the login page. The trace is shown below:

$ curl --basic -u sah...@eden.com:eden -F xml_submission_file=@image.xml http://152.46.20.206:8000/eden/xforms/submission
You are being redirected <a href="/eden/default/user/login?_next=/eden/xforms/submission">here</a>

3. We are trying to come up with a compatabile logic for sending username and password in the latest version of ODK collect.

4. We tried a couple of things other than the one mentioned above to understand the redirection flow in xforms.py
    i)  We remove this code "@auth.s3_requires_membership(2)" ( present here " https://github.com/flavour/eden/blob/master/controllers/xforms.py#L306 " ) temporarily from xforms.py so as to understand how redirection works.

   ii)  While importing the xml files which were send as a request from the client to the database, the server produced a BAD REQUEST error. We think that we need to make a few fixes in xforms.xml to make this work correctly. Could you please tell us if there is any other way to go about this issue. Also, it would be helpful if you could let us know any other way to capture the xml files send from client to the server to see the exact structure of the passed xml file.

5.  Regarding the change for location and image coordinates, we are working on generating an xml file ( like xforms.xml ) which would produce an output similar to the geotagger.xml

We assume that with this implementation and adding the tables "gis_location" and "doc_image" in the formList should make the functionality work successfully. So, are we on the thinking on the correct path for this customization? Please let us know. Thanks.

[Pat Tressel]

Hi, Altaf, Parikshit --

Parikshit and I have been chatting on IRC.  He is going to try setting up a mailer -- this is currently necessary, since a "welcome" message was added, but I'm making a change that will make it optional.

Let's wait to see if that clears up the registration issue.  To summarize, these are the settings you need in 000_config:

settings.mail.server = "smtp.gmail.com:587"
settings.mail.tls = True
settings.mail.login = "a_gmail_account:its_password"
settings.mail.sender = "'Your site' <a_gmail...@gmail.com>"

I'm surprised that there is trouble viewing the ticket -- that's a standard Web2py feature, nothing to do with Eden.  Are you starting Web2py with a web server like Apache, or are you starting it from the command line?

Try this:

Start your Web2py server, give it an admin password (either with -a on the command line or in the Web2py "start server" window).

Go to the base Web2py URL, not the eden URL -- leave off the /eden part.  You should see the "welcome to Web2py" page.

Click the "Administrator interface" link.  Log in using the admin password you set.  Does that work?  If it does...

Click the "errors" link under the eden application.

Find the appropriate ticket and look at it.

But please do also try setting up the mail server.

-- Pat

[Pat Tressel]

Altaf --

2. When looking into the ODK collect code for authentication we found that on form submission, the server gets redirected to the login page and returns an HTTP code of 200 which causes an exception to be thrown.

That is normal and expected.  As we've discussed before, it is because no username and password are being sent in the http auth header.
 

3. We are trying to come up with a compatabile logic for sending username and password in the latest version of ODK collect.

4. We tried a couple of things other than the one mentioned above to understand the redirection flow in xforms.py
    i)  We remove this code "@auth.s3_requires_membership(2)" ( present here " https://github.com/flavour/eden/blob/master/controllers/xforms.py#L306 " ) temporarily from xforms.py so as to understand how redirection works.

Rather than worry about redirection, how about just checking whether the user has already given your app their registration info?  If they have not, then show them a "login or register" form.  If they already have an account, they can just fill in their username and password.  Save that in the app's storage (however one does that with ODK).  If they want to register, you can collect registration info and send it to the server.  (I forget -- was there some previous work on this?)

-- Pat

[Fran Boon]

On 20 October 2012 10:36, Pat Tressel <ptre...@myuw.net> wrote:
> Rather than worry about redirection, how about just checking whether the
> user has already given your app their registration info? If they have not,
> then show them a "login or register" form. If they already have an account,
> they can just fill in their username and password. Save that in the app's
> storage (however one does that with ODK). If they want to register, you can
> collect registration info and send it to the server. (I forget -- was there
> some previous work on this?)

rather than that I would simply show a decent error message if the
user hasn't configured the client with a username/password.
Supporting registration via the ODK client seems like a heavy
distraction, as does a login form.
Adding these elements within the ODK client config is the correct solution.

F

[Fran Boon]

On 20 October 2012 09:35, Altaf Hussain <pala...@gmail.com> wrote:
> 1. As per Fran's suggestion, we tried to view the ticket ( on the redirected
> admin page ) using the password passed via the -a option. However, we still
> failed to view the ticket. We even tried to register using the local host
> but no success to our avail.
> So, we looked into the ticket from the error directory but found it hard to
> decipher. Please find attached the ticket that was generated on registering
> to the Sahana Eden Server.

No ticket attached I'm afraid.
The key element is usually right at the end.

> Alternately, it would be helpful if you could provide us with some dummy
> account which we can use as login credentials.

If you use a different prepopulate setting then you can get dummy data
including a pre-registered admin account (ad...@example.com / testing)
models/000_config.py
settings.base.prepopulate = ["IFRC_Train"]

> 2. When looking into the ODK collect code for authentication we found that
> on form submission, the server gets redirected to the login page and returns
> an HTTP code of 200 which causes an exception to be thrown.

You need the jaxtroid extensions to the ODK client & configure the
username/password there.
- this is documented on our Wiki page.

> 3. We are trying to come up with a compatabile logic for sending username
> and password in the latest version of ODK collect.

Right - not getting code committed to core projects is a problem :/

> ii) While importing the xml files which were send as a request from the
> client to the database, the server produced a BAD REQUEST error. We think
> that we need to make a few fixes in xforms.xml to make this work correctly.

Possibly the structure has changed a little

> Could you please tell us if there is any other way to go about this issue.
> Also, it would be helpful if you could let us know any other way to capture
> the xml files send from client to the server to see the exact structure of
> the passed xml file.

If your server is not using 127.0.0.1 then you can use a packet
sniffer running on the server...e.g. tcpdump which can be analysed
using the GUI client Wireshark.
- this is a really good toolset to become familiar with
There may be equivalents for Android, but I am unaware of them.

> 5. Regarding the change for location and image coordinates, we are working
> on generating an xml file ( like xforms.xml ) which would produce an output
> similar to the geotagger.xml
> We assume that with this implementation and adding the tables "gis_location"
> and "doc_image" in the formList should make the functionality work
> successfully. So, are we on the thinking on the correct path for this
> customization?

Well, this is the 1st prototype step indeed.
However really we want forms which include image_id & location_id
reference fields to create the doc_image and gis_location records
which are linked from the main record.
Feel free to create a dummy table with these 2 fields to prove that.

We can then look at the more complex example, like IRS, where the
doc_image is a component later - perhaps as part of your next 'final'
project?

Best Wishes,
Fran.

[Pat Tressel]

Fran, et al. --

The point I'm making is that the lack of username and password in the auth header is what's causing the redirect.

In order to "configure the client with a username/password" there must be a way to enter said username and password.  So they do need an *app* form (not a web form or xform) to collect that info.

Whether they want to go on to also support registration is another issue.

That's actually easy to work around (or at least, it is for Android) -- launch a browser at the eden registration url and let them register there.  After they're done with that, they can come back to the app and enter the username and password.  That will get some grins, but it works...

I also don't recommend doing either this or a real registration form in the app for now.

But they still do need to get the username and password from the user, and they need to save it for use the next time the user runs the app.  Apps that talk to servers just don't ask for the username and password every time the user runs them.  If the user changes their password on the server then the app should get an auth failure (401) not a redirect.  The app can then ask the user to enter their username and password again.  If we don't deliver a 401 on a bad username / password, maybe we should change that.

-- Pat
 

[Fran Boon]

On 20 October 2012 11:19, Pat Tressel <ptre...@myuw.net> wrote:
> The point I'm making is that the lack of username and password in the auth
> header is what's causing the redirect.

Yes

> In order to "configure the client with a username/password" there must be a
> way to enter said username and password. So they do need an *app* form (not
> a web form or xform) to collect that info.

Yes - this was added to ODK by jaxtroid

> I also don't recommend doing either this or a real registration form in the
> app for now.

Good :)

> Apps that
> talk to servers just don't ask for the username and password every time the
> user runs them. If the user changes their password on the server then the
> app should get an auth failure (401) not a redirect. The app can then ask
> the user to enter their username and password again. If we don't deliver a
> 401 on a bad username / password, maybe we should change that.

Right - it should already be a 401 for non-interactive webservices.
The 303 is only for use with interactive web browsers.

This is defined here:
https://github.com/flavour/eden/blob/master/modules/s3/s3aaa.py#L5073

In this case the initial page being accessed is the one to download
the list of available XForms.
http://127.0.0.1:8000/eden/xforms/formList
This doesn't require any authentication
Nor does downloading the actual forms.

Submitting a form is done via POST to
http://127.0.0.1:8000/eden/xforms/submission
This is indeed currently doing a 303 since this is seeing it as an HTML page.

ok, I set it so that POST to
http://127.0.0.1:8000/eden/xforms/submission.odk returns a 401
(i.e. tell it that this is a non-interactive request)

(I guess that ODK won't easily allow us to replace this submission()
url with ones going directly to our normal REST controllers :/)

F

[Parikshit Deshpande]

Hi,

You are correct regarding the statement for the final project. We would like to continue the “Blueprint for Mobile Client” project for our final project which would give us another 6 weeks to work on this ( there will be some minor changes in the team and we may also have one more member to work with us ).

Looking at the status as of now, we think we can push the auth changes from jaxtroid for the latest version of ODK Collect as a separate Sahana ODK Collect ( OR merge into the ODK Collect trunk - whichever is advisable ) for the project deadline of Oct 23, 2012.

For the server side, there are no significant code changes to merge in since we have been trying to debug the submission flow. We will continue to investigate in the direction pointed by you to debug the  BAD REQUEST error coming for the current xml submissions.

If this is fine with you we can setup a call regarding the approach for the final project which would give us a better understanding.

Also should we compile a document with the list of issues and countermeasures (setup details) and some of the auth changes for ODK Collect Client as a part of the project submission for Oct 23 and then continue working on the final one ?

Thanks and Regards,
Parikshit Deshpande

On Wednesday, 10 October 2012 04:28:48 UTC-4, Fran wrote:

[Fran Boon]

On 21 October 2012 08:50, Parikshit Deshpande <qpar...@gmail.com> wrote:
> You are correct regarding the statement for the final project. We would like
> to continue the “Blueprint for Mobile Client” project for our final project
> which would give us another 6 weeks to work on this ( there will be some
> minor changes in the team and we may also have one more member to work with
> us ).

Great :)

> Looking at the status as of now, we think we can push the auth changes from
> jaxtroid for the latest version of ODK Collect as a separate Sahana ODK
> Collect ( OR merge into the ODK Collect trunk - whichever is advisable ) for
> the project deadline of Oct 23, 2012.

Merging code upstream is always preferable where possible.
Forking is required only when that becomes too difficult as the
upstream project is either too slow or simply has different ideas.
Maintaining a diff is an interim stage required anyway.

Meanwhile documenting for others how to easily get a known-good setup is great.
You can see a lot of notes on the Wiki already, yet somehow you still
found it difficult to get going - so making this easier for the next
people (which includes your team mates!) will be useful...

> For the server side, there are no significant code changes to merge in since
> we have been trying to debug the submission flow. We will continue to
> investigate in the direction pointed by you to debug the BAD REQUEST error
> coming for the current xml submissions.

ok

> If this is fine with you we can setup a call regarding the approach for the
> final project which would give us a better understanding.

I'm still not totally convinced why voice works better than text &
drawings....I can see value in a real-time meeting since the timezone
difference means that we're effectively only getting a single comms
per day currently :/
(I'm not sure why this is since I can have several comms/day with
other people on EST - we do have many hours of overlap - perhaps this
is because you are busy with other projects during your day & so only
get to Sahana in your evening by which time I have gone to bed?)

Before any call, please take the time to read through the past mails &
draw up a draft design/plan - this can be done on the Wiki &/or Google
Docs (latter best for drawings & for draft text which we might want to
edit a lot in real-time together).
We can then collaborate better than just voice (which I often find a
real struggle).
We can also potentially use screens-sharing if-required.

> Also should we compile a document with the list of issues and
> countermeasures (setup details) and some of the auth changes for ODK Collect
> Client as a part of the project submission for Oct 23

I am not the one marking your submission I don't think - I don't know
what is needed for that.
For me, I want the Wiki to be updated as-required and yes this should
include a rebased diff for getting ODK Collect working with Sahana.

> and then continue working on the final one ?

I am interested in seeing something come out of the time we've spent
together certainly :)

F

[Parikshit Deshpande]

Hi,

We have the following updates for the project:

1. The login ad...@example.com/testing did not work for us, however we were able to create

a new account after configuring the mailer as directed by Pat. 

2. We added the code to send the authentication details as a part of HTTP Basic auth 

after taking the information from the user ( Reading it from preferences ) 

We are able to read the username/password correctly from the user, and we are setting it 

as well in the auth, (enabling the preemptive auth as well) 

if(!this.mLogon.equals("")) { //Logon information provided

Log.i("Uploading","preemptiveAuth");

HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {

public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {

HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);

AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort());

AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);

CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(

ClientContext.CREDS_PROVIDER);

Credentials creds = credsProvider.getCredentials(authScope);

if (creds != null) {

authState.setAuthScheme(new BasicScheme());

authState.setCredentials(creds);

}

}

};

defaultHttpclient.addRequestInterceptor(preemptiveAuth, 0);

However we were still getting a 200 from the server as it was getting redirected to login page.

3. On some investigation on server side, we noticed that it was checking for the format of the

request and deciding where to redirect to. 

if not auth.s3_logged_in():

        auth.permission.fail()

        

We tried by adding 

auth.permission.format="application/xml" , to set the format to application/xml, with this change we got a 

401, and we were asked to enter username and password from the mobile. ( We believe the preemptive auth dint

work as it should have picked from there)

We tried entering the valid account that we created, however it was not accepting it and bringing up the same

page to enter credentials again and again.

On further investigation in the "not auth.s3_logged_in():" code, we noticed that it was returning back from 

the following bolded part in tools.py :

def basic(self):

        if not self.settings.allow_basic_login:

            return (False,False,False)

        basic = current.request.env.http_authorization

        if not basic or not basic[:6].lower() == 'basic ':

            return (True, False, False)

        (username, password) = base64.b64decode(basic[6:]).split(':')

        return (True, True, self.login_bare(username, password))

        

We tried a couple of things here, to move the username, password abstraction before that check,remove that

check completely, however with those changes we were getting Internal server errors.

As for the other activities, we are working on editing the Wiki page with all the issues that we faced. 

We would appreciate some help in the auth part. We will try to be connected to chat throughout the day, 

so that we can communicate in a much quicker way.

Thanks,

Parikshit

On Wednesday, 10 October 2012 04:28:48 UTC-4, Fran wrote:

[Fran Boon]

> We tried by adding
> auth.permission.format="application/xml" , to set the format to
> application/xml

Where did you do this?
Inside the submission() controller?
An alternative, which is what I suggested was to provide this in the URL, e.g.
/eden/xforms/submissions.odk

> with this change we got a
> 401, and we were asked to enter username and password from the mobile. ( We
> believe the preemptive auth dint
> work as it should have picked from there)

Pre-emptive auth works for me with REST Client UI, which is what I use
to test REST interfaces outside of my own client code:
http://code.google.com/p/rest-client/

Try with that to see whether this is a server issue or a client issue.

F

> --
> You received this message because you are subscribed to the Google Groups
> "Sahana-Eden" group.
> To post to this group, send email to sahan...@googlegroups.com.
> To unsubscribe from this group, send email to
> sahana-eden...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/sahana-eden/-/Qnan7X-cBxcJ.
>
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[Parikshit Deshpande]

Hi,

Yes we were setting that in the submission() controller method.

I tried with the rest client, in auth tab i entered username, password

and checked the pre-emptive box. 

It went pass the authentcation step.

So, we have an issue with the client it seems.

Do you want me to share the code ? 

[Fran Boon]

On 22 October 2012 13:29, Parikshit Deshpande <qpar...@gmail.com> wrote:
> I tried with the rest client, in auth tab i entered username, password
> and checked the pre-emptive box.
> It went pass the authentcation step.
> So, we have an issue with the client it seems.

As I suspected...a useful tool, eh?

> Do you want me to share the code ?

Java code?
Sorry, I'm really not the best person to help with that I'm
afraid...try the ODK community? Other Android communities?

Feel free to post here anyway just in case someone else subscribed
here can make sense of it...

F

> --
> You received this message because you are subscribed to the Google Groups
> "Sahana-Eden" group.
> To post to this group, send email to sahan...@googlegroups.com.
> To unsubscribe from this group, send email to
> sahana-eden...@googlegroups.com.
> To view this discussion on the web visit

> https://groups.google.com/d/msg/sahana-eden/-/HFAD_U6-Le4J.

[Pat Tressel]

> Do you want me to share the code ?

Java code?
Sorry, I'm really not the best person to help with that I'm
afraid...try the ODK community? Other Android communities?

Feel free to post here anyway just in case someone else subscribed here can make sense of it...

I'm not familiar with ODK, but do write Android apps and have been programming in Java since about v1.2.

-- Pat

[Parikshit Deshpande]

Hi,

We are trying to set the credentials from HTTP auth in the ODK Collect code by using the following - 

HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {

public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {

AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);

CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(

ClientContext.CREDS_PROVIDER);

HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);

if (authState.getAuthScheme() == null) {

AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort());

Credentials creds = credsProvider.getCredentials(authScope);

if (creds != null) {

authState.setAuthScheme(new BasicScheme());

authState.setCredentials(creds);

}

}

}

};

defaultHttpclient.addRequestInterceptor(preemptiveAuth, 0);

On debugging we found that creds object is coming as null and it is not setting credentials because of that. 

We want to pass the authentication details in the header with preemptive auth enabled so that submission of the xforms, passes the authentication at the server side.

Thanks and Regards,

Parikshit Deshpande.

[Pat Tressel]

Parikshit --

We are trying to set the credentials from HTTP auth in the ODK Collect code by using the following - 

HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {

public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {

AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);

CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(

ClientContext.CREDS_PROVIDER);

HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);

if (authState.getAuthScheme() == null) {

AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort());

Credentials creds = credsProvider.getCredentials(authScope);

if (creds != null) {

authState.setAuthScheme(new BasicScheme());

authState.setCredentials(creds);

}

}

}

};

defaultHttpclient.addRequestInterceptor(preemptiveAuth, 0);

On debugging we found that creds object is coming as null and it is not setting credentials because of that. 

We want to pass the authentication details in the header with preemptive auth enabled so that submission of the xforms, passes the authentication at the server side.

Did you ask the user for their username and password?  Do you have a target host set?  Were the credentials (username & password) for that host set?  Seems reasonable that there won't be any creds until you get them from the user to begin with, and save them.  ;-)  You could do that if you get back null for creds (but might want to reorganize the code so you don't have to duplicate parts of it).

There's sample code here that shows setting the credentials -- look at the "Preemptive BASIC authentication" example.

http://hc.apache.org/httpcomponents-client-ga/examples.html

Note the call to setCredentials to save the username and password for the target host.

They're putting in fake data -- "localhost", "username", "password".  You still need to get those from the user.  You don't need to interfere with the current activity or view -- you can use a popup that will open a separate view:

http://developer.android.com/reference/android/widget/PopupWindow.html

One other thing:  You're using 1.6 as the target Android version, right?  Don't use 1.5 or earlier -- HttpClient was apparently a different version then.

Are you debugging the app in Eclipse (strongly recommended)?  I'm guessing you probably are.

-- Pat

[Pat Tressel]

Summary of IRC chat with Parikshit earlier today...

Requests succeed if they are sent via browser (after logging in) or RESTClient (with username and password in HTTP auth header, not sure if preemptive auth flag set).  They don't succeed when sent from ODK client with code similar to the posted preemptive auth code.  (Main difference is that username and password are being stored in preferences rather than via credentials provider.  This should not make a difference.)

If I understand correctly, username and password were observed to arrive at the server from the ODK client, not sure if the preemptive auth flag was seen to be on (but it is being set on the ODK client side).  The behavior with requests from ODK client and RESTClient differed when they got to s3_logged_in() so the next step will be to step through what happens inside s3_logged_in() for both requests, and see where they diverge.

Current code has been pushed to Github at:
https://github.com/altafhussain/Sahana-ODK-Collect-Client
Readme will be updated with instructions to run this.

Server is publicly accessible, folks helping w/ this can ask for the URL.

-- Pat

[Fran Boon]

On 25 October 2012 08:11, Pat Tressel <ptre...@myuw.net> wrote:
> Requests succeed if they are sent via browser (after logging in) or
> RESTClient (with username and password in HTTP auth header, not sure if
> preemptive auth flag set). They don't succeed when sent from ODK client
> with code similar to the posted preemptive auth code. (Main difference is
> that username and password are being stored in preferences rather than via
> credentials provider. This should not make a difference.)
> If I understand correctly, username and password were observed to arrive at
> the server from the ODK client, not sure if the preemptive auth flag was
> seen to be on (but it is being set on the ODK client side). The behavior
> with requests from ODK client and RESTClient differed when they got to
> s3_logged_in() so the next step will be to step through what happens inside
> s3_logged_in() for both requests, and see where they diverge.

I would try to look at the packets using a packet sniffer to see how
they differ.

If the same packets arrive at the server they will be acted upon the same.

F

[Pat Tressel]

> ...the next step will be to step through what happens inside

> s3_logged_in() for both requests, and see where they diverge.

I would try to look at the packets using a packet sniffer to see how they differ.

That's a useful option, but requires another moving part -- they're set up for debugging.  ;-)

Wireshark is a good sniffer.
http://www.wireshark.org/

One advantage to comparing the packets is that one would see the difference before Rocket / Web2py unpacked and interpreted the contents, which might obscure the meaningful difference (especially if it's that preemptive auth flag).

-- Pat

[Parikshit Deshpande]

Hi,

Pat : Yes we are setting preemptive auth true from the REST client and also and trying to do the same 

from ODK Collect ( by trying to set it in localContext)

localContext.setAttribute("preemptive-auth", basicAuth); --> Hope this is what is required.

We tried debugging the submission flow with preemptive authentication further with the below analysis :

Request sent from Rest client --

Flow went inside s3_logged_in()   .... xforms.py

There it checked for  if not self.is_logged_in():   ... tools.py

inside this 

 def is_logged_in(self):

        """

        checks if the user is logged in and returns True/False.

        if so user is in auth.user as well as in session.auth.user

        """

        if self.user:

            return True

        return False

        

It returned the flow back on self.user .. as self.user it was populated correctly with the user details

From ODK Collect Client

Tried a couple more things with preemptive auth 

http://stackoverflow.com/questions/2014700/preemptive-basic-authentication-with-apache-httpclient-4

It is failing at :

if not auth.s3_logged_in(): ... since self.user is not populated, the previous check fails. 

 if not self.is_logged_in():

            basic = self.basic()   --> Goes in here

            try:

                return basic[2]

                   

 def basic(self):

        if not self.settings.allow_basic_login:

            return (False,False,False)

        basic = current.request.env.http_authorization

        if not basic or not basic[:6].lower() == 'basic ':

            return (True, False, False)                                      ---> Goes in here

        (username, password) = base64.b64decode(basic[6:]).split(':')

        return (True, True, self.login_bare(username, password))

        

We have installed wireshark and checking some tutorials to capture packets for the requests.

This will allow us to compare the packets as suggested by Fran.

We have added 2 members in the team and one person has left.

So now we have Deep and Priyanki also working with us. ( Me, altaf, deep and priyanki -> Team for final project)

After giving them proper KT about the current development we were thinking of splitting

the work of generating the forms for location and images and the authentication part.

Also on the github link - https://github.com/altafhussain/Sahana-ODK-Collect-Client

in the README.txt i have added the steps to setup the project in case anyone wants to try it. 

Thanks and Regards,

Parikshit Deshpande

[Pat Tressel]

Hi, Parikshit!

So the main question is, why did auth.user get filled in for one case and not the other?  Can you set a "watch" on auth.user (if it exists at the beginning of the request to see when it gets changed, or if it doesn't exist, set a watch on auth to see when user gets added?

        basic = current.request.env.http_authorization

        if not basic or not basic[:6].lower() == 'basic ':

            return (True, False, False)

        (username, password) = base64.b64decode(basic[6:]).split(':')

        return (True, True, self.login_bare(username, password))

So another question is, what's basic?  what's in current.request.env.http_authorization in the two cases?

Also on the github link - https://github.com/altafhussain/Sahana-ODK-Collect-Client in the README.txt i have added the steps to setup the project in case anyone wants to try it.

Great!!

-- Pat

[Parikshit Deshpande]

Hi,

I added a check on auth.user. It gets populated even before the request reaches submission method in the happy flow (REST client)

but when submitted from the ODK it is null. 

Regarding - "or if it doesn't exist, set a watch on auth to see when user gets added?"

How exactly can i check it ? Do you mean when i create the user ? 

I debugged the flow further.

basic = current.request.env.http_authorization

returns basic as "TypeError: 'NoneType' object is not subscriptable"

I am assuming the packet is not quite what is expected.

I had checked with the ODK community and got a reply saying setting up of Preemptive auth is implemented for https with the below line - 

WebUtils.enablePreemptiveBasicAuth(localContext, u.getHost());

With HTTPs i am getting -> javax.net.ssl.SSLPeerUnverifiedException: No peer certificate --> Any idea about this ? 

I tried using the same code with a normal HTTP request and implementing an HttpRequestInterceptor to add the 

credentials to the request, but on server it failed with the same issue.

I have also reported my findings in ODK community. 

Also if it is possible we can have a remote debug using teamviewer or something ? 

Thanks,

Parikshit Deshpande.

[altafhussain palanawala]

Hi Fran,

Hope you are doing fine. 

We apologize for for the delay in our response due to some immediate course work. Please find the project status as below:

ODK Collect Authentication:

We were facing issues with authentication as mentioned by Parikshit in his last email to Pat.

So, Using the HTTPS connection we are getting the following error: " javax.net.ssl.SSLPeerUnverifiedException: No peer certificate". Can you please help us to resolve the error? Or any idea what could be causing this error to happen? 

Further, we tried capturing the XML File which is submitted by the ODK Collect Client through Wireshark, but we were not able to identify the exact request which had that XML data. We were finding it difficult to comprehend the wireshark details for the ODK Client - Sahana Server communication. The Wireshark monitor was generating continuous requests on our public IP server due to which we couldn't identify which request exactly corresponds to our ODK Collect request.

We then checked with the ODK community to find out a way to look after that and found that we need to update the Phone Root Certificates. This requires to Root our phone. So, currently we are doing that.

XForms Generation:

For the XForms generation through the xforms.py file we went through the Geotagger.xml file that is provided on Sahana wiki and also tried to understand the basic generation of XML files through python code. However we were finding it difficult to proceed with the XForms generation for location coordinates. Any startup guidance would really help us to identify things that needs to be done.

Also, we gave some KT to our new members in the team and got their initial setup done. So, even they have their Client- Server configuration running now.

It would be helpful if you can provide some guidance for the above areas. Thank you.



--
Regards,
Altaf Hussain

[Pat Tressel]

Hi, Altaf!

Hi Fran,

Hope you are doing fine.

Fran is really busy with hurricane Sandy response just now.
 

So, Using the HTTPS connection we are getting the following error: " javax.net.ssl.SSLPeerUnverifiedException: No peer certificate". Can you please help us to resolve the error? Or any idea what could be causing this error to happen? 

You've probably visited sites in your browser where the browser put up a warning about an "untrusted" site...?  Well, that's what this is.  HTTPS expects to find an "SSL certificate" on the server.  SSL certificates identify the server as being really who they claim to be.  This helps avoid problems like man-in-the-middle attacks or DNS hijacking, in which you're not really talking to the server that you want.  SSL certificates (certs, for short) are issued by "certificate authorities" (CAs).  When you request a cert from a CA, the CA does various things to try to assure that the machine the cert will be installed on is actually the machine with the address you're claiming.  There is another option, which is to generate your own certificate -- a "self-signed certificate".  No browser will trust a self-signed cert because there's no CA that's vouching for it.  But you can tell the browser -- or in your case, tell your HttpClient, to trust the cert anyway.

So you have several options (hint -- you'll probably pick #3):

1) Get a real cert from a trusted CA.  You'd need a real, public IP address and domain name to go with it.  So if the server is on an internal network, this isn't a good option.  Also this costs money.  It requires some effort to do the site verification well, and the issuing CA is essentially making a guarantee that the site is legitimate, so certs tend to cost a lot if they're issued by really respectable CAs.  Or rather, that used to be true.  But lately, some CAs have been dropping prices.  I'll include a link below to a GoDaddy promotion where they're offering a single site cert for $6 (haven't checked what the restrictions are yet).  And gandi.net has good prices for combined domain registrations and certs. 

2) Get a free cert from CACert:
http://www.cacert.org/
That takes some time, and CACert isn't trusted by browsers, nor will it be trusted by default by your phone client, so you'd have to add it or add the specific cert issued by it as trusted.

However, neither 1) nor 2) may be a good option for you, if your server is on an *internal* network, with a non-public IP address, and your IT folks don't want to allow it to be on the external Internet.  So...

2) Make a self-signed cert.  When you get the error, allow the user to accept the cert and if they do, record it in your TrustManager (which may need to be customized), and save the info in (e.g.) preferences, so they don't have to be asked again.

Before we go on to any other issues, I'm going to send this off so you can get started on the self-signed cert (or on getting a cert).

Here's some info on making a self-signed cert (I haven't done it...yet...but will likely need to Real Soon Now).

http://webdesign.about.com/od/ssl/ht/new_selfsigned.htm
http://www.akadia.com/services/ssh_test_certificate.html
Background:
http://en.wikipedia.org/wiki/Self-signed_certificate

In the unlikely case that you want to get a real cert, here's the offer from GoDaddy that I came across -- let me know if you see the $5.99 price.
http://www.godaddy.com/compare/gdcompare3_ssl.aspx?gclid=COLA3KuL4rMCFYl7Qgod7ycAmw&isc=zssl203a&ef_id=Bw1QDt3yDb4AAAQ0:20121122074938:s

And here's gandi.net's domain registration plus cert:
http://www.gandi.net/ssl

After that, the next step would be looking into how to ask the user if they want to trust it, and how to have the TrustManager accept it.  That is not wasted effort -- it's not just something you'd need during testing -- because asking the user about an untrusted cert comes up in the real world too.  For one thing, it would allow the user to accept certs issued by CACert.

-- Pat

[Fran Boon]

On 22 November 2012 03:31, Pat Tressel <ptre...@myuw.net> wrote:
> Fran is really busy with hurricane Sandy response just now.

& can't help w Java anyway ;)

tx 4 stepping into the breach :)

Thanksgiving feeding currently...

F

[Pat Tressel]

Hi, Parikshit!

I tried the 3rd option that you suggested I.e. to generate a self signed certificate.  ...

I had used the first link you provided - 

http://webdesign.about.com/od/ssl/ht/new_selfsigned.htm

Please look at what the second description says too -- that's why I included it...  ;-)

http://www.akadia.com/services/ssh_test_certificate.html

It talks about removing the passphrase.  You will need to do that, because Rocket under Web2py (the webserver you're using) doesn't have a (properly functioning) way for you to enter the passphrase when you start Web2py.

I am accessing from my Android phone through the ODK Collect Client, so I copied these files there and installed the certificate from settings. 

The cert should be installed *on the server*.  (It is not a key for the mobile device -- it identifies the server.)

 

... Cert errors on phone and browser ...

Do we have to include this at the server side ?

Yes.  You will need to install the cert where your web server can find it.  Web2py has command line options for specifying where the cert files are.  (These are for Rocket.  If you were using a separate webserver, you'd install the cert according to that webserver's instructions.)

http://web2py.com/books/default/chapter/29/04?search=certificate

The options you should include on the Web2py command line are:
-c server.crt
-k server.key

But go back and take the passphrase off first...

I did not completely understand the last part of the email

"After that, the next step would be looking into how to ask the user if they want to trust it, and how to have the TrustManager accept it.  That is not wasted effort -- it's not just something you'd need during testing -- because asking the user about an untrusted cert comes up in the real world too.  For one thing, it would allow the user to accept certs issued by CACert."

You know how your browser puts up a warning, but lets you go ahead and accept the cert?  That what I mean -- you can have the phone app do the same thing.  That's better than hard-coding in something that accepts the self-signed cert.

But first get the cert in, and try it with the browser.  Once the server is using the cert, the warning you get from the browser should be different -- it should complain about an untrusted cert that's not from a recognized CA, and it should ask if you want to accept it anyway.

-- Pat

[Fran Boon]

What exactly do you need here?
I'm afraid that I don't see anything actionable for me here.

What I'm after is 2 things:
* gis_location records get created for location_id foreign keys
* doc_image records get created for image_id foreign keys

Best Wishes,
Fran.

On 22 November 2012 11:55, Parikshit Deshpande <psde...@ncsu.edu> wrote:
> Hi,
>
> Happy thanksgiving to all !
>
> Fran, we had some python doubts as well :) -

>
> "XForms Generation:
> For the XForms generation through the xforms.py file we went through the
> Geotagger.xml file that is provided on Sahana wiki and also tried to
> understand the basic generation of XML files through python code. However we
> were finding it difficult to proceed with the XForms generation for location
> coordinates. Any startup guidance would really help us to identify things
> that needs to be done."
>

> It would be great if we could setup a small call after thanksgiving if
> possible for you to discuss over this.
>
> Have a nice time everyone.

>
> Thanks and Regards,
> Parikshit Deshpande
>
>
>
>

[Pat Tressel]

Parikshit, et al. --

Fran, we had some python doubts as well :)  -

What exactly do you need here?

I'm afraid that I don't see anything actionable for me here.

If you post on the sahana-eden list, then others can help.  Also, if you *consistently* post on the list, not just occasionally, the rest of us will know what you're talking about.  That will get you better answers.

As I said, Fran is busy with hurricane Sandy response.

Thanks!

-- Pat

[Parikshit Deshpande]

Hi,

I installed the certificates on server side taking off the passphrase. 

After i gave the arguments for including the certs ( I have copied them in web2py directory)

initially i got the error - Warning that SSL was turned off.

I checked the web2py directory, that had ssl folder, so i just ran a build and install of setup.py and tried starting the sever again 

I am now getting - 

Traceback (most recent call last):

  File "C:\Program Files\Eden\web2py\web2py.py", line 20, in <module>

    gluon.widget.start(cron=True)

  File "C:\Program Files\Eden\web2py\gluon\widget.py", line 976, in start

    interfaces=options.interfaces)

  File "C:\Program Files\Eden\web2py\gluon\main.py", line 783, in __init__

    elif not rocket.ssl:

AttributeError: 'module' object has no attribute 'ssl'

I checked for this to find that python should be installed with openssl 

http://theraneman.blogspot.com/2011/07/adding-openssl-support-to-python-right.html

http://paltman.com/2007/11/15/getting-ssl-support-in-python-251/

But i was not able to proceed with it.. It had a few steps regarding changing Modules/setup.dist file which was not there in my Python directory.

Is there any step while configuring web2py that we are missing which has this covered ?

If not how can i get python configured with ssl support ?

Thanks and Regards,

Parikshit Deshpande.

[Pat Tressel]

Parikshit --

I installed the certificates on server side taking off the passphrase.

Good!
 

After i gave the arguments for including the certs ( I have copied them in web2py directory)

initially i got the error - Warning that SSL was turned off.

I checked the web2py directory, that had ssl folder,

I don't know what you mean by that.  Do you mean you created an ssl directory in the web2py directory?  I just checked my web2py directory, and the Web2py repo on Github -- no ssl directory.

You said "folder" -- is the server a Windows machine?  If not, what OS is it running?
 

so i just ran a build and install of setup.py

Do you mean you executed the setup.py that is in the web2py directory?  Didn't it say:

web2py does not require installation and
you should just start it with:
$ python web2py.py
are you sure you want to install it anyway (y/n)?

 

and tried starting the sever again 

You have been starting web2py successfully prior to this -- how do you start it?  From Eclipse? or on the command line with python web2py.py?

A caution (and I don't mean to be rude):  It's better to find out what's really going on, and not just "poke buttons".  Fortunately, that particular thing probably didn't do harm.  ;-)
 

I am now getting - 

Traceback (most recent call last):

  File "C:\Program Files\Eden\web2py\web2py.py", line 20, in <module>

    gluon.widget.start(cron=True)

  File "C:\Program Files\Eden\web2py\gluon\widget.py", line 976, in start

    interfaces=options.interfaces)

  File "C:\Program Files\Eden\web2py\gluon\main.py", line 783, in __init__

    elif not rocket.ssl:

AttributeError: 'module' object has no attribute 'ssl'

(That test of rocket.ssl should really be wrapped in a try block...)

The ssl module is standard for Python 2.6 and 2.7 -- you should not need to install it.  So:

1) Which Python version are you using?

2) Start python on the command line and try to import ssl -- is there an error?

>>> import ssl

I checked for this to find that python should be installed with openssl 

http://theraneman.blogspot.com/2011/07/adding-openssl-support-to-python-right.html

http://paltman.com/2007/11/15/getting-ssl-support-in-python-251/

But i was not able to proceed with it.. It had a few steps regarding changing Modules/setup.dist file which was not there in my Python directory.

In general, you should not touch the Python installation directly unless you are an expert.  ;-)  Unless there is some issue with reading OpenSSL formatted files (and it's not yet getting to the point of actually reading the cert, it seems) you probably don't need anything other than the standard Python ssl module.

So I need to ask (and again, I don't mean to be rude)...

3) Has anyone been making direct changes in the Python installation, not via standard Python installation tools?
 

Is there any step while configuring web2py that we are missing which has this covered ? If not how can i get python configured with ssl support ?

If you are using Python 2.7 or 2.6, you should have the ssl module already.  Please report the answers to 1) and 2) above.

If both of those are fine, i.e. 1) you are using at least Python 2.6 (preferably 2.7) and 2) the import of ssl worked, then that was not the problem.  In that case, in Eclipse, set a breakpoint in gluon/rocket.py right at the top of the file where it tries to import ssl, and another inside the Connection class __init__ where it sets self.ssl (just in case it gets that far).  Single step over the imports and see what it sets has_ssl to.

-- Pat

[Parikshit Deshpande]

Hi,

You said "folder" -- is the server a Windows machine?  If not, what OS is it running?

   -- The server is on Windows. I was mentioning about the Modules directory in python installation, which was mentioned in one of the links

You have been starting web2py successfully prior to this -- how do you start it?  From Eclipse? or on the command line with python web2py.py?

    -- I am starting it from Eclipse. This time i had also given the Program Argument.

1) Which Python version are you using?

   -- 2.7.2

2) Start python on the command line and try to import ssl -- is there an error?

>>> import ssl

   -- No error. 

3) Has anyone been making direct changes in the Python installation, not via standard Python installation tools?

   -- I reported the activities that i did.

Debug Analysis:

   -- try:

    import ssl

    has_ssl = True

except ImportError:

    has_ssl = False

It goes in the except part and sets has_ssl as False.

In the __init__ in gluon , i dint find the code to set self.ssl

Thanks and Regards,

Parikshit Deshpande.

[Pat Tressel]

---------- Forwarded message ----------

From: Pat Tressel <ptre...@myuw.net>
Date: Fri, Nov 23, 2012 at 2:10 AM
Subject: Re: [SahanaEden] Re: [sahana-projects] Blue Print for Mobile Clients
To: Parikshit Deshpande <qpar...@gmail.com>

Parikshit --

The server is running on Windows machine. The folder i was referring to the one that was mentioned in those links - Modules/setup.dist

You have been starting web2py successfully prior to this -- how do you start it?  From Eclipse? or on the command line with python web2py.py?

     - Yes, i have been doing it from Eclipse. this time i had provided the certificates as part of program arguments.

1) Which Python version are you using?

     - 2.7.2

2) Start python on the command line and try to import ssl -- is there an error?

>>> import ssl

      - No error.

3) Has anyone been making direct changes in the Python installation, not via standard Python installation tools?

      - No. I reported the things i tried. 

Debug Analysis:

import ssl failed. it went on to set has_ssl as false.

1) When you tried the import ssl from the command line, was that on the server?  If not, try it on the server.
2) Are you running Eclipse on the server or on some different machine?
3) Is Eclipse using the same copy of python as you are using at the command line?
3) Start Web2py from the command line on the server, not from Eclipse, and see if it still can't find ssl.

In the __init__ from the gluon directory, i couldnt find the code for setting self.ssl.

?  Sounds like you're looking outside of the gluon/rocket.py file.  Here is what I said:

In that case, in Eclipse, set a breakpoint in gluon/rocket.py right at the top of the file where it tries to import ssl, and another inside the Connection class __init__ where it sets self.ssl (just in case it gets that far).

In any case, it failed before that.

-- Pat

 

[Pat Tressel]

Parikshit --

In IRC, if you want to ping someone, include their nick in the message.  But please also ask your question *in the same message*.  It is a waste of time if you say "are you there", then the other person has to ping you in turn, then wait for you to post the question.  What if you're out of the room?  Instead, post the question right away in the same message as the person's nick.  Then they'll see the message and respond.  So the other person doesn't have to sit there waiting for your question, and you don't have to sit there waiting for the response.

-- Pat

[Parikshit Deshpande]

Hi,

1) When you tried the import ssl from the command line, was that on the server?  If not, try it on the server.

    --- I had tried on the command line outside.When tried from inside the web2py directory(from command line), it gave an error 

       

        >>> import ssl

        Traceback (most recent call last):

        File "<stdin>", line 1, in <module>

        File "ssl\__init__.py", line 61, in <module>

        import _ssl2             # if we can't import it, let the error propagate

        ImportError: No module named _ssl2

2) Are you running Eclipse on the server or on some different machine?

     -- Yes. it is running on the server. We have imported the project from the web2py directory and to start the server, we run the project with the following 

arguments:

      "-a password"

      "-i 152.46.20.206"

      "-p 8000"

      "-c server.crt"

      "-k server.key"

3) Is Eclipse using the same copy of python as you are using at the command line?

      -- We checked the version of python on eclipse, its 2.7 . Its interpretor is pointing to the same python installation. 

         in web2py directory also, the python version is 2.7

4) Start Web2py from the command line on the server, not from Eclipse, and see if it still can't find ssl.

      -- Tried this as well. Getting the same exception that we got from eclipse 'module' object has no attribute ssl

Seems like web2py is not pointing to the correct python , which is running from the command line , as from command line

import ssl is working fine.

Thanks and Regards,

Parikshit Deshpande

[Pat Tressel]

Parikshit --

That's a very "interesting" finding!

1) When you tried the import ssl from the command line, was that on the server?  If not, try it on the server.

    --- I had tried on the command line outside.When tried from inside the web2py directory (from command line), it gave an error

Just to make sure I know what you mean...  You're logged in on the server, and start a command prompt (cmd.exe), if you are cd'd to (say) your own directory, and start Python with just the bare "python" command, it finds ssl, but then you cd to the web2py directory, do the same thing, and it doesn't find ssl?  There's a possibility that there's a PYTHONPATH defined, and it includes a relative directory and that directory is reachable when you're cd'd into web2py.  I didn't find an ssl directory hiding in the web2py directory, but maybe yours has one.

So besides two copies of Python, another possibility is that there's something odd in the PYTHONPATH or sys.path.  So let's check all of these, in the two cases above where you get different results from import ssl -- cd'd to some directory outside the web2py directory, and then in the web2py directory.  Try these in both cases:

At the Windows command prompt, check your PATH and python version:

echo %PATH%
python --version

Start Python:

python

Check sys.path and PYTHONPATH.

import sys
print sys.path
import os
print os.environ["PYTHONPATH"]

You may not have a PYTHONPATH -- that's ok.

This is getting a little spooky -- maybe your server has gremlins.  ;-)

Or maybe it has Cygwin.  That might lead to having two copies of Python.  One might unexpectedly run Cygwin's Python instead of a directly-installed Python if Cygwin has Python included and Cygwin's bin directory is in PATH (either for a specific user or for the system).  Usually Cygwin is installed in C:\cygwin on a non-server machine.  I have Cygwin installed, and had to rename its copy of Python to make sure I didn't accidentally run it.

Actually, Cygwin might be useful here, especially the "which" command, that would tell us where the system was finding Python.  There's likely a Windows equivalent...
 

     

        >>> import ssl

        Traceback (most recent call last):

        File "<stdin>", line 1, in <module>

        File "ssl\__init__.py", line 61, in <module>

        import _ssl2             # if we can't import it, let the error propagate

        ImportError: No module named _ssl2

Oho.  So it found something with the name ssl, but that ssl is broken.

Let me go find my Python's copy of ssl, and see if it has code like that.  (There's also the add-on ssl package for older versions of Python -- can check there too, but that's unlikely to be involved.  Would mean there were two Python installations, both 2.7, one with the real ssl and one with its ssl overwritten with the old add-on package.)

 As mentioned, a quick look didn't turn up anything called ssl under the web2py directory.
 

3) Is Eclipse using the same copy of python as you are using at the command line?

      -- We checked the version of python on eclipse, its 2.7 . Its interpretor is pointing to the same python installation. 

Ok good!  This is looking more like a path issue then.

Just in case...there are two places where the Python interpreter can be set.  One is:

Project -> Properties -> PyDev Interpreter/Grammar

and the other is:

Run -> Run Configurations -> (the config you use to start Web2py) -> Interpreter
 

         in web2py directory also, the python version is 2.7

4) Start Web2py from the command line on the server, not from Eclipse, and see if it still can't find ssl.

;-)  Thanks for catching 3) -> 4).
 

      -- Tried this as well. Getting the same exception that we got from eclipse 'module' object has no attribute ssl

Seems like web2py is not pointing to the correct python , which is running from the command line , as from command line import ssl is working fine.

Let me go see if I can track down that ssl/__init__.py that has import _ssl2.  In the meantime, try the check of Windows PATH, Python's sys.path and PYTHONPATH, and see if you can find out if Cygwin is installed.

Thanks!

-- Pat

[Pat Tressel]

Parikshit --

Here's another way to see where Python is finding ssl in the two cases -- start it with its verbose option on:

python -v

That will print a lot as Python starts up, as it's going to say where it's finding everything it imports.  Once it gets to the prompt, do the import ssl and see where it finds ssl.

-- Pat

[Pat Tressel]

Parikshit --

     

        >>> import ssl

        Traceback (most recent call last):

        File "<stdin>", line 1, in <module>

        File "ssl\__init__.py", line 61, in <module>

        import _ssl2             # if we can't import it, let the error propagate

        ImportError: No module named _ssl2

Oho.  So it found something with the name ssl, but that ssl is broken.

Let me go find my Python's copy of ssl, and see if it has code like that.

Nope -- the "real" ssl is just a file, ssl.py.
 

(There's also the add-on ssl package for older versions of Python -- can check there too, but that's unlikely to be involved.  Would mean there were two Python installations, both 2.7, one with the real ssl and one with its ssl overwritten with the old add-on package.)

...

Let me go see if I can track down that ssl/__init__.py that has import _ssl2.

Yep -- it's the add-on package for old versions of Python.

How was Web2py installed on the server?  Was it the bundle "For Windows" gotten from here:
http://www.web2py.com/examples/default/download
That one comes with its own copy of Python.  But if you just start python at the command prompt, you shouldn't get the one that came with the Web2py installer.  Unless...

Does your Windows executable Path include the local directory?  (Don't do this!!!  I'm just asking...)  (I've been saying PATH -- Windows doesn't care about case, but it's shown as Path in "System properties".)

-- Pat

[Parikshit Deshpande]

Hi,

I have bolded my replies for the 3 messages :

Just to make sure I know what you mean...  You're logged in on the server, and start a command prompt (cmd.exe), if you are cd'd to (say) your own directory, and start Python with just the bare "python" command, it finds ssl, 

but then you cd to the web2py directory, do the same thing, and it doesn't find ssl? 

-- Yes. It gives the error.

echo %PATH% 

-- For python, this has the path of the normal python installation - 

   %PATH%;C:\Python27

import sys

print sys.path

-- This gave the following from both outside and inside web2py directory- 

   

   ['', 'C:\\Python27\\python27.zip', 'C:\\Python27\\DLLs', 'C:\\Python27\\lib', 'C

:\\Python27\\lib\\plat-win', 'C:\\Python27\\lib\\lib-tk', 'C:\\Python27', 'C:\\P

ython27\\lib\\site-packages', 'C:\\Python27\\lib\\site-packages\\win32', 'C:\\Py

thon27\\lib\\site-packages\\win32\\lib', 'C:\\Python27\\lib\\site-packages\\Pyth

onwin']

You may not have a PYTHONPATH -- that's ok. 

-- Yes, it did not find PYTHONPATH

Or maybe it has Cygwin.....

-- I do have a Cygwin directory in C. However the paths at both the places are showing the C:\Python version.

Run -> Run Configurations -> (the config you use to start Web2py) -> Interpreter

-- Had missed this one, but i tried with this as well. It was not able to import ssl

---------------------------------------------------------------------------------------------

python -v 

Tried this from both the directories to find different outcomes .. 

From my home folder it was able to find ssl in correct path.

import _socket # dynamically loaded from C:\Python27\DLLs\_socket.pyd

import _ssl # dynamically loaded from C:\Python27\DLLs\_ssl.pyd

# C:\Python27\lib\socket.pyc matches C:\Python27\lib\socket.py

import socket # precompiled from C:\Python27\lib\socket.pyc

 --  From web2py directory it started looking for ssl2 : but again from the correct python path

import encodings.cp437 # precompiled from C:\Python27\lib\encodings\cp437.pyc

import ssl # directory ssl

# ssl\__init__.pyc matches ssl\__init__.py

import ssl # precompiled from ssl\__init__.pyc

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

  File "ssl\__init__.py", line 61, in <module>

    import _ssl2             # if we can't import it, let the error propagate

ImportError: No module named _ssl2

_____________________________________________________________________________________________

Would mean there were two Python installations, both 2.7, 

one with the real ssl and one with its ssl overwritten with the old add-on package.)

--This seems to be the issue i guess here, ssl seems to be overridden. Is there any way to 

fix that, without re installing everything again?

How was Web2py installed on the server?  Was it the bundle "For Windows" gotten from here: 

http://www.web2py.com/examples/default/download

 -- No, we had installed this one - 

 http://eden.sahanafoundation.org/wiki/InstallationGuidelines/Windows/Developer/Installer

 

 Should i try changing with the Cygwin directory ? (Renaming that copy of python) ?? 

 

 Thanks and Regards,

 Parikshit Deshpande.

[Pat Tressel]

Parikshit --

Hmm...  Why don't we try to arrange a time for a Skype chat where you can share your screen with terminal windows open on the machine having this issue?  Would your IT folks allow that?  I bet we could clear this up quickly...

You're logged in on the server, and start a command prompt (cmd.exe), if you are cd'd to (say) your own directory, and start Python with just the bare "python" command, it finds ssl, 

but then you cd to the web2py directory, do the same thing, and it doesn't find ssl? 

-- Yes. It gives the error.

echo %PATH% 

I meant, do that command and see what you get.  Does it have something in it that evaluates to the current directory, such as %CD%?  That's something that would cause the path to change with a directory change.
 

-- For python, this has the path of the normal python installation - 

   %PATH%;C:\Python27

Hmm...it seems not possible for that to be the output of echo %PATH%.
 

import sys

print sys.path

-- This gave the following from both outside and inside web2py directory- 

   

   ['', 'C:\\Python27\\python27.zip', 'C:\\Python27\\DLLs', 'C:\\Python27\\lib', 'C:\\Python27\\lib\\plat-win', 'C:\\Python27\\lib\\lib-tk', 'C:\\Python27', 'C:\\Python27\\lib\\site-packages', 'C:\\Python27\\lib\\site-packages\\win32', 'C:\\Python27\\lib\\site-packages\\win32\\lib', 'C:\\Python27\\lib\\site-packages\\Pythonwin']

Did you cd to each directory at the command prompt (not within Python), then start python, then check sys.path?

 

Or maybe it has Cygwin.....

-- I do have a Cygwin directory in C. However the paths at both the places are showing the C:\Python version.

If they're the same, you can't...

Should i try changing with the Cygwin directory ? (Renaming that copy of python) ??

:-)

 

Run -> Run Configurations -> (the config you use to start Web2py) -> Interpreter

-- Had missed this one, but i tried with this as well. It was not able to import ssl

python -v 

Tried this from both the directories to find different outcomes .. 

Which were...?
 

Would mean there were two Python installations, both 2.7, one with the real ssl and one with its ssl overwritten with the old add-on package.)

--This seems to be the issue i guess here, ssl seems to be overridden. Is there any way to fix that, without re installing everything again?

Don't know without knowing the cause.

How was Web2py installed on the server?  Was it the bundle "For Windows" gotten from here: 

http://www.web2py.com/examples/default/download

 -- No, we had installed this one - 

 http://eden.sahanafoundation.org/wiki/InstallationGuidelines/Windows/Developer/Installer

That comes with its own Python, too, though it shouldn't try to install over an existing copy of Python.

What you're reporting isn't consistent -- different versions but the same path.  ;-)   So I expect a Skype session would be the best way to proceed.  Why don't you ask your IT folks if they'll allow that?

-- Pat

[Parikshit Deshpande]

Sure. 

I have setup skype (and also teamviewer in case needed) on the remote machine.

My skype id - parikshitdeshpande

I discussed with my team members for a suitable time. 

Is 30 Nov, 2.30 PM (EST .. 7.30 PM GMT) ok for you ? 

In case it is not then i can join earlier from 10.00 AM - 12.30 PM ( EST) .

Thanks,
Parikshit 

[Pat Tressel]

Parikshit, et al. --

I have setup skype (and also teamviewer in case needed) on the remote machine.

My skype id - parikshitdeshpande

I'll send a connect request.
 

I discussed with my team members for a suitable time. 

Is 30 Nov, 2.30 PM (EST .. 7.30 PM GMT) ok for you ? 

That's fine -- I'm in PST.

-- Pat

[Pat Tressel]

Hi, everyone!

That Skype call was pretty productive!  And the connection was clear right up until it quit working.  ;-)  (But that wasn't Skype's fault, in fairness.)

So now we know:

• You have just one Python installed, but Web2py found the obsolete SSL package in its module search path -- there was an ssl folder right in the web2py folder.
  
• One of our Windows installers has that obsolete SSL package in it.
  
• Once we got rid of that, Web2py seemed to run ok, so that might be the only bad package in the installer.  Maybe.  ;-)
• Web2py command options in the Eclipse run configuration shouldn't have quotes around them like "-x blah", or else the space gets included in the argument.  (It's fine to quote arguments to the options, like -x "bl ah", e.g. if there are paths with spaces.)
  
• We also put all the options on the same line -- since we didn't try without that, we don't know if that was necessary.
  
• Your self-signed SSL certificate worked!!

Yay!

-- Pat

[altafhussain palanawala]

Hi Pat,

Just to brief you up with our installation process that we followed to set up Sahana Eden server and the ODK Collect Client.

1. The ODK Collect Client was downloaded and installed from this site:

http://code.google.com/p/opendatakit/downloads/list/

2. The web2py server was forked from Fran's github directory:

https://github.com/flavour/eden/fork_select

3. To start the Eden Server we followed the installation guideliness given here

eden.sahanafoundation.org/wiki/InstallationGuideliness/

4. The python.exe version required for the web2py server was downloaded from the following link.

http://eden.sahanafoundation.org/Eden-Python-Installer-Dev.exe

5. Also, while running the server, we gave 152.46.20.206 as the hostname ( which is a public IP ) and the port number as 8000. ( We used public IP since we were facing issues to get the ODK Collect Client connect with Sahana Eden server when the server runs on local host -> 127.0.0.1:8000 )

-- Pat

--
You received this message because you are subscribed to the Google Groups "Sahana-Eden" group.
To post to this group, send email to sahan...@googlegroups.com.
To unsubscribe from this group, send email to sahana-eden...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
Regards,
Altaf Hussain

[Pat Tressel]

Hi, Altaf !

Just to brief you up with our installation process that we followed to set up Sahana Eden server and the ODK Collect Client.

Thanks!!

-- Pat