fedora-infra / fas Goto Github PK
View Code? Open in Web Editor NEWFedora Account System
Home Page: https://admin.fedoraproject.org/accounts
License: GNU General Public License v2.0
Fedora Account System
Home Page: https://admin.fedoraproject.org/accounts
License: GNU General Public License v2.0
FAS 3.0 should be able to support group hierarchy.
If we intend to adopt this "everywhere" it would be nice to have a good central link.
I had my koji certificate revoked for some reason and I needed to renew it. All account settings are typically in the account page: https://admin.fedoraproject.org/accounts/user/view/xuser . That includes ssh keys etc.
However, the koji keys, or documentation on how to renew them is not there. I believe that this is an omission, which if added it would simplify by moving all account info to a single page.
https://fedoraproject.org/wiki/Using_the_Koji_build_system
When you update your location (Latitude and Longitude fields) using "," as a decimal separator, the server returns an error 500 and do not update the profile, if you use "." as the decimal separator it updates the profile OK.
Locales tested: en, es
Create and delete licenses from settings' page.
License can't be deleted if attached to any of registered groups.
Pop up a dialog about it and request some action before be able to delete
selected group.
I love FAS, but perhaps we could implement 2step verification to the login. One could disable or enable it. If it is enabled on an account, then a 2stepcode
should be passed as a parameter to FAS upon authentication, and should be asked from the user if the user is accessing the page through a browser.
We could use Google Authenticator (http://stackoverflow.com/questions/8529265/google-authenticator-implementation-in-python, https://code.google.com/p/google-authenticator/)
This is just an idea; if we were to implement it, a lot of work would go into making it work. Ideas appreciated.
The GPG key id is only a part of the keys fingerprint (at least for current keys) and only the fingerprint properly identifies an keys. Therefore FAS should require fingerprints of users' GPG keys instead of only key ids to be able to do something meaningful with this information. Alternatively users could be allowed to upload a public GPG key.
I just saw a user do this. All they did was upload a new public ssh key, but fedmsg said that:
fas.user.update -- wacker edited the following fields of wacker's FAS profile: ssh_key, ircnick, gpg_keyid,
comments, locale
/cc @DAWacker
IDEA:
Would be nice to allow user to customize their shell or shell's env when they have shell access to server.
Admin would be able to allow what type of shell a group (which allow access to server) can offer and if you can actually customize it for this group you have just been in.
See:
https://fedorahosted.org/fedora-infrastructure/ticket/4259
Basically we want some way to bless some users (probibly by adding them to a group like 'can_inactivate') that should be allowed to inactivate other users. This is a small subset of what the accounts group can do, we just want to split it out.
Hi,
1/ https://admin.fedoraproject.org/accounts/
2/ select "fr" for locale
3/ login
4/ text is in English because my profile default is "locale=en"
=> I find weird
can we make those fix ?
btw, that "locale setting" is interesting, does it have some usages in other context ?
The current "My account" section shows the SSH key on a single line, but this causes the page to stretch a lot to the right. Enabling text-wrapping on the SSH key would be beneficial.
It should be handled and we should render an error…
On creating a new account with a security question:
[Tue Dec 23 20:03:19 2014] [error] cherrypy.msg INFO HTTP: Page handler: <bound method User.create of <fas.user.U
ser object at 0x7f5519c32810>>
[Tue Dec 23 20:03:19 2014] [error] Traceback (most recent call last):
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cp
httptools.py", line 121, in _run
[Tue Dec 23 20:03:19 2014] [error] self.main()
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cp
httptools.py", line 264, in main
[Tue Dec 23 20:03:19 2014] [error] body = page_handler(_virtual_path, *_self.params)
[Tue Dec 23 20:03:19 2014] [error] File "", line 3, in create
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 361,
in expose
[Tue Dec 23 20:03:19 2014] [error] _args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "", line 0, in run_with_transaction
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/peak/rules/core.py", line 153, in c
all
[Tue Dec 23 20:03:19 2014] [error] return self.body(_args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/database.py", line 458, in
sa_rwt
[Tue Dec 23 20:03:19 2014] [error] retval = func(_args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 244, in _expose
[Tue Dec 23 20:03:19 2014] [error] @abstract()
[Tue Dec 23 20:03:19 2014] [error] File "", line 0, in _expose
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/peak/rules/core.py", line 153, in c
all
[Tue Dec 23 20:03:19 2014] [error] return self.body(_args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 390, in
[Tue Dec 23 20:03:19 2014] [error] fragment, options, args, kw)))
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 425, in _execute_func
[Tue Dec 23 20:03:19 2014] [error] output = errorhandling.try_call(func, _args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/errorhandling.py", line 77, in try_call
[Tue Dec 23 20:03:19 2014] [error] return func(self, _args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "", line 3, in create
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 207, in validate
[Tue Dec 23 20:03:19 2014] [error] return errorhandling.run_with_errors(errors, func, _args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/turbogears/errorhandling.py", line 118, in run_with_errors
[Tue Dec 23 20:03:19 2014] [error] return func(self, _args, *_kw)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/fas/user.py", line 959, in create
[Tue Dec 23 20:03:19 2014] [error] telephone, postal_address, age_check)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/fas/user.py", line 1014, in create_user
[Tue Dec 23 20:03:19 2014] [error] person.security_answer = encrypt_text(config.get('key_securityquestion'), security_answer)
[Tue Dec 23 20:03:19 2014] [error] File "/usr/lib/python2.6/site-packages/fas/lib/gpg.py", line 28, in encrypt_text
[Tue Dec 23 20:03:19 2014] [error] recipient = ctx.get_key(receiver)
[Tue Dec 23 20:03:19 2014] [error] GpgmeError: (7, 16383, u'End of file')
[Tue Dec 23 20:03:19 2014] [error]
We should check if domain's email exist and valid before insert/update to database person info.
From the perspective of FAS alone, it is neat that you can choose to change the id
used to generate your libravatar.
However, when considering multiple systems interacting together, I'm not sure this is a net gain. If the user changes their libravatar key to be something else (say, [email protected]). Our other systems that expect to lookup their libravatar as '[email protected]' will get the "wrong image" compared to the one they have set in FAS.
I'd be glad to make the code changes to restrict this to only one kind of value (one that matches the way all our other systems do it (badges, bodhi2, trac, pkgdb, fedmenu, etc..)) but I want to check with @laxathom first.
There is no pagination in the user list, the returned data is limited to a certain length.
FAS 3.0 should be able to create virtual user (only by admin or group admin)
See: https://fedorahosted.org/fas/ticket/172
We can do this by adding the keyword to the regex's list in ValidSSHKey validator.
Used to have the key set starting with 0x, got some error on visiting the link. I noticed the hint indicates it's not supported. Might be better if either the link wasn't active in that case or the link formatter managed to cope with that.
A requirements.txt
would be very helpful. It was really annoying to find the needed dependencies, since they were not clearly listed or provided in a requirements file.
At least one user in FAS wants to specify two GPG key ids, therefore please allow to specify multiple GPG keys, maybe even allow one to be the primary one.
This is from:
https://fedorahosted.org/fedora-infrastructure/ticket/1312
Basically it would be nice when rejecting a user from group membership to optionally have a text field you could enter some text into that would go to the user along with the rejection. Something like "Sorry, you need to do x,y,z before joining" or "please reapply after you do X"
This isn't so much a big deal anymore since we have invite only groups, but it would be nice anyhow.
Thoughts?
FAS has documented the steps to make a new release in the HACKING file. This needs to be updated to use github and git flow instead of generic git against fedorahosted.org. You can look at the packagedb or python-fedora release steps for ideas:
Note that fas has a po compilation step built into its setup.py so it may not need to do some of the steps that those projects have.
Full trace follows:
Traceback (most recent call last):
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid_debugtoolbar-2.3-py2.7.egg/pyramid_debugtoolbar/toolbar.py", line 178, in toolbar_tween
response = _handler(request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid_debugtoolbar-2.3-py2.7.egg/pyramid_debugtoolbar/panels/performance.py", line 57, in resource_timer_handler
result = handler(request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/tweens.py", line 21, in excview_tween
response = handler(request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid_tm-0.10-py2.7.egg/pyramid_tm/__init__.py", line 95, in tm_tween
reraise(*exc_info)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid_tm-0.10-py2.7.egg/pyramid_tm/__init__.py", line 76, in tm_tween
response = handler(request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/router.py", line 163, in handle_request
response = view_callable(context, request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/config/views.py", line 329, in attr_view
return view(context, request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/config/views.py", line 305, in predicate_wrapper
return view(context, request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/config/views.py", line 355, in rendered_view
result = view(context, request)
File "/home/ricky/.virtualenvs/fas-python2.7/lib/python2.7/site-packages/pyramid-1.5.2-py2.7.egg/pyramid/config/views.py", line 501, in _requestonly_view
response = view(request)
File "/home/ricky/devel/python/fedora/fas/fas/api/groups.py", line 63, in group_list
data.set_pages('groups', page, limit)
File "/home/ricky/devel/python/fedora/fas/fas/api/__init__.py", line 44, in set_pages
pages = compute_list_pages_from(obj, limit)[0]
File "/home/ricky/devel/python/fedora/fas/fas/utils/__init__.py", line 53, in compute_list_pages_from
return (int(ceil(float(count) / float(limit))), int(count))
ValueError: could not convert string to float: groups
First filed downstream here: https://fedorahosted.org/fedora-infrastructure/ticket/3946
It would be cool if we could keep a user profile/bio field in FAS (in markdown or asciidoc) so that we could render it in other places (the badges app, for instance).
From fedora webmaster mail:
"
Hi,
there is a typo in czech translation of page title on fas user detail page:
https://admin.fedoraproject.org/accounts/user/view/jdornak
The title is now: "Prohlážet účet", but should be "Prohlížet účet".
Regards,
QB
"
Relevant file:
https://github.com/fedora-infra/fas/blob/develop/po/cs.po
I have just updated my email in my Fedora Account. An email got sent out to the old address with a notification, all seems well.
However, the new email address is not listed in the email that should show the changes? No email address is displayed there at all.
It is good to have the notification of the change sent to the old address, but it surely should include the changed address :-)
When displaying an account that you do not own, we hide the security question and answer. It would be nice to display that a security question is present, just not the value of it.
May need to use a sentinel value because I believe we use filter_private to remove the security_question before we return the data to the template.
From:
https://fedorahosted.org/fedora-infrastructure/ticket/1905
If we had a bugzilla account field, we could use that to figure out what someones bugzilla account was. It could/should just default to the same as their email address, but if set differently it could be used for bugzilla permissions syncing and the like. This would mean we would not need to keep some mapping config like we currently do in python-fedora.
Currently on all Fedora's and RHEL7, fas is not creating the nss db files it makes the way that glibc expects them. This results in users not getting any groups on login and having to run 'newgrp' all the time.
fas just calls "makedb" with the data, but thats not sufficent, apparently a initgroups header is needed.
Look at /var/db/Makefile for the awk thats called before makedb for groups (or anything else) and add this handling to fas.
Happy to provide more info, etc.
Some users are concerned that when they change account data, fas sends them an email with their name, phone, etc. This email could be intercepted or viewed along the way.
Perhaps we could just do the same thing we do for password changes? ie, have a link where we say someone has changed your account, login here to see the changes? Possibly still with a list of those changes (since we expose them via fedmsg anyhow). Ie:
Someone (hopefully you) has changed: ircnick, privacy on your account, go to https://fasserver/accounts/whatever to see the changes?
Filing this comment as an official bug for tracking:
see related trac ticket https://fedorahosted.org/fedora-infrastructure/ticket/4569
Again, filing this comment as an official bug so it can be tracked:
Groups' management re-design:
Those are my notes that I save here to track related commits
The requirements for a FAS password are mad, offering no real sense of security. It's better to force long passwords, than forcing into deprecated schemes with special characters, numbers and uppercase letters.
Reference:
https://pbs.twimg.com/media/BhkZoPrCYAEF8ww.png:large
http://xkcd.com/936/
Person A uses Language X
Person B uses Language Y
When Person A alters the status of Person B in a group that Person A has control over, the email that gets sent to Person B is in Language X instead of in Language Y.
E.g. I use English but @puiterwijk does not. When @puiterwijk upgraded my status in a group tonight, the email I received was in his language preference, not English:
puiterwijk <[email redacted]> heeft u opgewaardeerd naar administrator status in de
'sysadmin-jenkins' groep van het Fedora Accounts System Deze verandering treedt
direct in, en heeft binnen een uur invloed op de de e-mail
aliassen.
We currently fatal/throw/500 when you go to: https://admin.fedoraproject.org/accounts/user/view/codeblock/foo
We should 404 instead.
See:
https://lists.fedoraproject.org/pipermail/infrastructure/2013-March/012651.html
In general it would be nice to note when someone is creating a new account what fields are optional or not needed so they can ignore them if they choose to.
This could be adding (optional) next to those fields, or perhaps putting a * next to the required fields or something.
Very large numbers are allowed when latitude should be between -90 and +90 and longitude between -180 and 180.
If you click by accident on 'Remove me' on a group page, it just proceeds without asking first for confirmation: "Are you sure you want to remove yourself from the group?"
The .fas command in zodbot searches FAS username, full names, emails, and IRC nicks for a string. To do this, upon loading the supybot-fedora plugin, it requests a list of every single user in FAS, and creates a fairly large dictionary containing the search strings. This has multiple problems.
If there was an endpoint where zodbot could search usernames, full names, emails, and IRC nicks, supybot-fedora would be able to drop the large in-memory database and the 6-minute load time.
FAS 3.0 should offer to admin a way to manage some of fas's settings.
Would be nice for admins to have a way to add comments to an account. In particular when admin locking them.
Contributors would be able to connect their Fedora account to twitter which will
allow them to share any events from Fedora services (builds, pkgs updates, badges, etc)
Use as backend for People and Groups.
We still are gonna use the db for everything else which mean,
feature should be done without having to change high level code which do
requests to People and Groups' objects.
People will be allowed to check their account activities from their profile's page.
Here's what type of info they will have
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.