TagToRdf takes max 3 arguments. See here
This third argument is for desired output format. ("RDF/XML-ABBREV"; "RDF/XML"; "N-TRIPLET"; "TURTLE").
Default format should be "RDF/XML-ABBREV".
You can include this output format drop down field in the convert form and modify call method accordingly.

(Extra points if you can modify the API for the same too! 💥 )

@rtgdk I find that there are two requirements file and two src directories.
I need your help with understanding how the repo is structured.

Another tiny request (Personal thoughts): Please do a pip freeze and modify the requirements.txt for jpype1 and Django-downloadview

i.e. lock down to specific versions of the libraries. This will help avoid bugs/deprecations with future versions. Each time, If there be a need to use a higher version, we can bump up the requirements.txt and have a new release generated. Wanted to hear to your thoughts.

I'm getting the following error when accessing the new license request module:

Request Method: | GET
-- | --
http://13.57.134.254/app/license_requests/
1.11.2
OperationalError
no such table: app_licenserequest
/home/ubuntu/.local/lib/python2.7/site-packages/django/db/models/sql/compiler.py in execute_sql, line 886
/usr/local/bin/uwsgi
2.7.12
['.',  '',  '/usr/lib/python2.7',  '/usr/lib/python2.7/plat-x86_64-linux-gnu',  '/usr/lib/python2.7/lib-tk',  '/usr/lib/python2.7/lib-old',  '/usr/lib/python2.7/lib-dynload',  '/home/ubuntu/.local/lib/python2.7/site-packages',  '/usr/local/lib/python2.7/dist-packages',  '/usr/lib/python2.7/dist-packages']
Mon, 1 Oct 2018 16:58:07 +0000

I ran the makemigrations and migrate django commands, but no updates were applied.

@rtgdk @gaalocastillo Let me know if you have any suggestions.

There is a minor security vulnerability in django version 1.11.18. We should upgrade to django ~> 1.11.18.

Note: related to issue #58

When switching from text editor to tree editor and back to text editor the pretty printing is lost i.e. the newline and whitespace characters are deleted.
Before

After

It would be nice if we could keep the pretty printing intact.

Add a basic template showing a 404 and 500 error when the user enters an invalid URL or there is some error.

The xml-editor and license-submittal branch should be merged into master so that the user can make use of all the features of the website.

I'm thinking this may be due to an incorrect version on the dependencies.

@techytushar @rtgdk Can you take a look and let me know if you have any thoughts on debugging?

Below is the stack trace:

Environment:


Request Method: GET
Request URL: http://13.57.134.254/oauth/complete/github/?redirect_state=5LC87E172cZinkKB9mTGcIBKfMnrYUCr&code=bc2dde0a62f7651ceee9&state=5LC87E172cZinkKB9mTGcIBKfMnrYUCr

Django Version: 1.11.2
Python Version: 2.7.12
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'app',
 'api',
 'rest_framework',
 'social_django']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware']



Traceback:

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  57.         response = view_func(request, *args, **kwargs)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_django/utils.py" in wrapper
  49.             return func(request, backend, *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_django/views.py" in complete
  33.                        *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/actions.py" in do_complete
  41.         user = backend.complete(user=user, *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/base.py" in complete
  40.         return self.auth_complete(*args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/utils.py" in wrapper
  252.             return func(*args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/oauth.py" in auth_complete
  405.                             *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/utils.py" in wrapper
  252.             return func(*args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/oauth.py" in do_auth
  416.         return self.strategy.authenticate(*args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_django/strategy.py" in authenticate
  107.         return authenticate(*args, **kwargs)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in authenticate
  70.             user = _authenticate_with_backend(backend, backend_path, request, credentials)

File "/home/ubuntu/.local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in _authenticate_with_backend
  115.     return backend.authenticate(*args, **credentials)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/base.py" in authenticate
  80.         return self.pipeline(pipeline, *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/base.py" in pipeline
  83.         out = self.run_pipeline(pipeline, pipeline_index, *args, **kwargs)

File "/usr/local/lib/python2.7/dist-packages/social_core/backends/base.py" in run_pipeline
  112.             func = module_member(name)

File "/usr/local/lib/python2.7/dist-packages/social_core/utils.py" in module_member
  59.     return getattr(module, member)

Exception Type: AttributeError at /oauth/complete/github/
Exception Value: 'module' object has no attribute 'save_profile'

We can add a Edit XML button besides the Download XML button on the license_requests page which would open the XML file in the editor so that the user can edit it further. Will that be a good idea @goneall @rtgdk

Can we rename the "Notes" field to "Comments" and make the text box bigger, and move it to the bottom of the form?

"Notes" are an official field in the SPDX License List, but I don't think that is really needed at this point in the process.
We do need and want to enable a place for longer comments, as people often include in the current email submission, e.g., where the license is used should be included here

is it possible to add some instructions at the top of the page?

similarly, could we add hints for how to fill out some of the fields - maybe via a popup or via some text in the field that disappears when you then start typing?

Drag and drop file method to upload would make the UX more friendly. The user should also be able to use default browse-and-select file by clicking on the drag and drop tile.

You can take inspiration from gmail's drive upload button.

When I try to run the app with Python 3.5.2 the following error occur:

1. except jpype.JavaException, ex is not supported can be changed to except jpype.JavaException as ex
2. from models import gives Import error can be changed to from api.models
3. from urlparse import urljoin also gives import error as there is no module named urlparse in Python3 it has been changed to urllib.parse
4. Also the jpype gives error while installing for python3.6

1 and 2 are fixable but I cannot find a way to fix 3

Programmatic access could put a substantial load on the service if multiple requests are made with high frequency.

Suggest an enhancement to govern the rate at which requests from the same user and/or IP address is made.

This could also apply to the web access.

Currently, when you submit a license, the comments are included in the notes section of the XML.

The legal team would like to include the comments in the Issues submitted to the license-list-XML repo and not include it in the <notes> ... </notes> section of the XML. We'll reserve the notes section of the XML for legal team use.

While installing the online tools on the server, I am getting the following error:

No module named github_utils
...
./app/views.py in <module>, line 57

@rtgdk @gaalocastillo - If you could let me know if there is a missing requirement

It would be nice to have some test cases for the Split View of the XML Editor. They can be similar to the Tree Editor tests. One additional thing that can be tested is the syncing between the tree and text editors.

Can we add a question as follows:

"Have you submitted this license to the OSI or are you planning to? (if yes, use comments to explain)"
with a yes/no option for answer

Description

Python Decouple strictly separates the settings parameters from the source code. It adds parameters related to an instance of the project into a seperate .env file. All the environment-specific parameters (secret key, user, passwords, debug status and hosts to mention a few) can be kept into and changed from a single configuration module. Also, It enables changing parameters without having to redeploy the app.

Adding this into .gitignore ensures these are not pushed with the code.

The following dependency is required for this change:
python-decouple

As suggested by @pombredanne using the scancode-toolkit for check license function would be better, instead of using the Java function and it is also in the TODO list. @goneall @rtgdk Please give your views

It would be great if there is a loading bar displayed when a process is running and even better if we can show the progress also.

On the /app/license_requests/ and /app/archive_requests/ page, the mouse pointer should change to finger when the user hovers over the table items (license names) so that he knows that the items are clickable. In the current version it feels like they are just for displaying the info and not clickable. There can also be some sort of highlighting on mouse hover.

Implement an api for check license method. Take a file as an input, parse it to send the text as a parameter to the spdx java tool function.

To implement the api, take inspiration from here and here

To reproduce, go to the XML editor, select upload file, enter a file name that contains a space.

The space is converted to "%20" for the file reference, so the file is not found (e.g. ignore-me (1).xml is referred to as ignore-me%20(1).xml).

Although, the wiki here is enough to interact with the API but adding a support for API documentation will help people new to the repo, understand what the API can do without access to source code. It will also help them to see all the API endpoints available so that they can use these endpoints to test and analyze the requests and responses of the API endpoints which is not really possible in entering curl commands.

When creating the license XML for a newly submitted license, add the attribute listVersionAdded with a default value of empty string (e.g. <License isOsiApproved="false" licenseId="newlicense" name="newLicense" listVersionAdded="">

This would make it easier to add the list version once a license has been approved.

This issue has been split off from issue #100

Currently, it uses the github user configured in the application (goneall)

Current default sort order is by name. Sorting by date most recent first would be helpful in finding the most recent licenses.

If a field is left empty in the submission form, could we still have the heading for the field (e.g., "Standard License Header") appear in the auto-generated issue so we know more easily that was left blank?

Since we are now deploying multiple versions of the app, we should add a version to the application and display the version in the about page. It would also be nice to display the version of the SPDX tools used in the backend as well.

In api, create model function is saving the files twice. So files sent to api is saved to 2 folders

• media/api/< username >/< time > --> (Saved by views.py) [used by the api to call spdx java tool]
• media/apifiles/< username >/< time > (Saved by models.py) [returned to the api user as json]

Figure out the bug and modify the code to save the file once, use that file for calling the spdx java tools function and return the path of that file.

When a field fails validation, the error is displayed at the top of the page. If you are scrolled at the bottom, you don't see the error message.

Scrolling to the top of the page where the error is would highlight the error and solve the issue.

It would also help to highlight the field in error in red.

api/check_license on the online-tools hosted at https://spdxtools.sourceauditor.com/
is how this issue was first found. The debug is turned-on in production and a global setting to disable/enable is required

It would be great if there is a Dockerfile and the user can just build a Docker image and use the platform locally.

Currently the Archive button on the license_requests/ page and Unarchive button on the archive_requests/ page is visible to everyone, so anyone can just press the buttons and mess things up. These buttons should only be visible to the users who are logged in. What do you think @goneall

In macOS, temp/junk file named .DS_Store is created that stores custom attributes of its containing folder. Update gitignore to ignore such files.

There are certain test cases that break currently. It would be great to add Travis CI or something similar to test each new commit.

Would it make sense to add a code style check? I can recommend pycodestyle

======================================================================
ERROR: test_generate_xml (app.tests.SubmitNewLicenseViewsTestCase)
View for generating an xml from license submittal form fields
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/nezhar/DEV/PYTHON/spdx-online-tools/src/app/tests.py", line 985, in test_generate_xml
    xml = generateLicenseXml(self.osiApproved, self.shortIdentifier, self.fullname, self.urls,
NameError: global name 'generateLicenseXml' is not defined

======================================================================
FAIL: test_license_requests (app.tests.LicenseRequestsViewsTestCase)
GET Request for license requests list
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/nezhar/DEV/PYTHON/spdx-online-tools/src/app/tests.py", line 938, in test_license_requests
    self.assertEqual(resp.resolver_match.func.__name__,"license_requests")
AssertionError: 'licenseRequests' != u'license_requests'

======================================================================
FAIL: test_post_submit (app.tests.SubmitNewLicenseViewsTestCase)
POST Request for submit a new license
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/nezhar/DEV/PYTHON/spdx-online-tools/src/app/tests.py", line 980, in test_post_submit
    self.assertNotEqual(resp.redirect_chain,[])
AssertionError: [] == []

======================================================================
FAIL: test_submit_new_license (app.tests.SubmitNewLicenseViewsTestCase)
GET Request for submit a new license
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/nezhar/DEV/PYTHON/spdx-online-tools/src/app/tests.py", line 963, in test_submit_new_license
    self.assertEqual(resp.resolver_match.func.__name__,"license_requests")
AssertionError: 'submitNewLicense' != u'license_requests'

======================================================================
FAIL: test_invalid_license_name (app.tests.XMLUploadTestCase)
POST request for xml input using invalid license name
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/nezhar/DEV/PYTHON/spdx-online-tools/src/app/tests.py", line 569, in test_invalid_license_name
    self.assertEqual(resp.status_code,404)
AssertionError: 500 != 404

----------------------------------------------------------------------
Ran 63 tests in 42.095s

FAILED (failures=4, errors=1)
Destroying test database for alias 'default'...

The online tool https://spdx.org/spdxweb compares license text to the SPDX listed licenses. It uses a text box input and output a list of matched licenses as a dialog box.

Adding this feature to the spdx-online-tools would allow us to consolidate the tools into one UI (not to mention the UI is better for the spdx-online-tools).

The code is currently implemented as an SPDX servlet, but simply calls the SPDX tools library.

The Java code that calls the library is the following:

LicenseCompareHelper.matchingStandardLicenseIds(licenseText)

where license text is the text in the textbox.

@rtgdk If you prefer, I can create a pull request with the Python code to implement this.

Similar issue #24

Upgrade the codebase to Python 3 and Django 2.1.
Some work is already done in https://github.com/spdx/spdx-online-tools/tree/python3

I keep getting an error when I try to submit a new license. @goneall thinks it may be an issue with an international character. I tried pasting the license text into a text file and converting to plain text - same issue. I've also tried with both Firefox and Chrome browsers (on a Mac) and have same issue:

The following error is being reported by the Travis script:

  File "manage.py", line 22, in <module>
    execute_from_command_line(sys.argv)
  File "/home/travis/virtualenv/python2.7.14/lib/python2.7/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
    utility.execute()
  File "/home/travis/virtualenv/python2.7.14/lib/python2.7/site-packages/django/core/management/__init__.py", line 308, in execute
    settings.INSTALLED_APPS
  File "/home/travis/virtualenv/python2.7.14/lib/python2.7/site-packages/django/conf/__init__.py", line 56, in __getattr__
    self._setup(name)
  File "/home/travis/virtualenv/python2.7.14/lib/python2.7/site-packages/django/conf/__init__.py", line 41, in _setup
    self._wrapped = Settings(settings_module)
  File "/home/travis/virtualenv/python2.7.14/lib/python2.7/site-packages/django/conf/__init__.py", line 110, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/opt/python/2.7.14/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/home/travis/build/spdx/spdx-online-tools/src/src/settings.py", line 14, in <module>
    from secret import getGithubKey, getGithubSecret, getSecretKey
ImportError: No module named secret

This is due to the file containing the github secret info being missing. I don't believe the current unit tests use the secrets, so may be able to get away with creating a set of fake credentials in a src/src/secret.py file to get around this issue. Another approach would be to use encrypted environment variables to store the credentials in travis then create the secret.py file as part of the travis script.

Currently, all license requests are displayed after being submitted. At some point, the number of license requests may become overwhelming.

Suggest adding an archive feature where you can archive an existing license request. This could be a button on the submitted license list page that would be enabled when a license request is highlighted. It would be moved to an archive category which can have its own display. In the archive display, the license request could be "unarchived" with an unarchive button.

Travis build fails with the WebDriverException: Message: 'geckodriver' executable needs to be in PATH error due to firstly, geckodriver not being installed and secondly, geckodriver executable needs to be in PATH variable.

Can we add a question as follows:

"Are you the license author or do you represent the license author or steward?"
with yes/no options for answer

Currently, the URL for the license issues is hardcoded to point to the SPDX license list (https://github.com/spdx/license-list-XML/issues). The tests are now using a test repository: https://github.com/spdx/TEST-LicenseList-XML/issues

If we could move this URL to the settings file, we could put the https://github.com/spdx/TEST-LicenseList-XML/issues URL as the default and we can replace it with the license-list-XML repo in production.

This would limit the amount of issues being generated in the license-list-XML repo while developing and testing.

Password reset feature would be commendable 🥇 as I love my username

This can be a small step towards #4 .

A potential security vulnerability was found in the current Django version.

Currently, when converting a submitted license to XML the text is formatted by putting a paragraph tag around every line break.

Many copy/pastes have line breaks due to text editor and the lines are not really on paragraph boundaries.

A better algorithm would be to put paragraphs when there are 2 line breaks in a row (e.g. a blank line).