GraceDB Server issueshttps://git.ligo.org/computing/gracedb/server/-/issues2022-08-03T18:48:03Zhttps://git.ligo.org/computing/gracedb/server/-/issues/59Password expiration reminders for basic auth tokens2022-08-03T18:48:03ZTanner PrestegardPassword expiration reminders for basic auth tokensCreated January 4, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/4976)
We'd like to implement a system where reminder e-mails are sent out when your basic auth token is about to expire.
Thoughts:
1. How long before exp...Created January 4, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/4976)
We'd like to implement a system where reminder e-mails are sent out when your basic auth token is about to expire.
Thoughts:
1. How long before expiration date?
2. How many reminders?
3. Should update password management page with details. Emphasize 1 year expiration date.
How to implement: daily cron job that checks for any passwords expiring within the next X days?https://git.ligo.org/computing/gracedb/server/-/issues/144Remove LV-EM access2022-03-22T18:19:00ZTanner PrestegardRemove LV-EM accessWe don't have MOUs anymore from O1/O2, so the privileged access based on this should be removed. We should do it in a smart way so that the functionality remains and can be expanded to additional groups, as we may have MOUs with a few se...We don't have MOUs anymore from O1/O2, so the privileged access based on this should be removed. We should do it in a smart way so that the functionality remains and can be expanded to additional groups, as we may have MOUs with a few select groups in the future.https://git.ligo.org/computing/gracedb/server/-/issues/69IntegrityError for control room middleware2019-04-22T18:28:07ZTanner PrestegardIntegrityError for control room middlewareThe middleware that adds/removes users from the control room group is throwing IntegrityErrors suddenly. I just noticed it today when trying to test web signoffs on gracedb-dev2, and later, I got notifications when a user was trying to ...The middleware that adds/removes users from the control room group is throwing IntegrityErrors suddenly. I just noticed it today when trying to test web signoffs on gracedb-dev2, and later, I got notifications when a user was trying to GET a file on gracedb-playground. I noted that the user's REMOTE_ADDR corresponded to the H1 control room.
Potentially, this could be fixed by the new auth system which is in development on the auth_update branch, but we would have to test it extensively to be sure. I don't think there is a strong need to fix it before we merge that branch into master, since it seems to occur so rarely and moving to the new branch should happen in the near future.[error_email.log](/uploads/b8b2ceb7c413139a272ac24828cd410b/error_email.log)https://git.ligo.org/computing/gracedb/server/-/issues/102Certificate challenge2019-02-21T05:23:08ZTanner PrestegardCertificate challengeUsers who have certificates in their browsers will receive a certificate challenge when they go to anything under `/api/`. The certificate should *not* be required, but it's pretty annoying and most users won't know to just hit cancel (...Users who have certificates in their browsers will receive a certificate challenge when they go to anything under `/api/`. The certificate should *not* be required, but it's pretty annoying and most users won't know to just hit cancel (if they try to submit an invalid certificate, they will not be allowed access).
This is also happening on the main web view pages because the javascript makes calls to the API to get some information.https://git.ligo.org/computing/gracedb/server/-/issues/57Rework of authentication and authorization framework2018-12-17T19:44:16ZTanner PrestegardRework of authentication and authorization frameworkWe currently rely on Apache to do a lot of the authorization and authentication in GraceDB. We should get the information from Apache, log the user in, then handle everything else in Django. This will be important for having public acces...We currently rely on Apache to do a lot of the authorization and authentication in GraceDB. We should get the information from Apache, log the user in, then handle everything else in Django. This will be important for having public access for O3. I've started work on this in the following branch: https://git.ligo.org/lscsoft/gracedb/tree/auth_updatehttps://git.ligo.org/computing/gracedb/server/-/issues/83Clean up old X509 certificates2018-12-17T19:43:07ZTanner PrestegardClean up old X509 certificatesThere are a number of old and clearly unused X509 certificates in the database which should be cleared out.
I am also not sure if the 'refresh_users_from_ldap' script clears out old certificates or not. Should check on that.There are a number of old and clearly unused X509 certificates in the database which should be cleared out.
I am also not sure if the 'refresh_users_from_ldap' script clears out old certificates or not. Should check on that.https://git.ligo.org/computing/gracedb/server/-/issues/86Unit tests for new auth middleware and backends2018-11-26T18:24:55ZTanner PrestegardUnit tests for new auth middleware and backendsNeed unit tests for new auth middleware and backends to make sure they are working as expected. Should check both main site and API components.Need unit tests for new auth middleware and backends to make sure they are working as expected. Should check both main site and API components.Public-facing GraceDB2018-11-16https://git.ligo.org/computing/gracedb/server/-/issues/84Unit tests for event web urls2018-11-19T17:23:38ZTanner PrestegardUnit tests for event web urlsAdd unit tests to check access/authorization for web URLs in the events app.
Things which need to be tested:
* [x] Event detail pages
* [x] Event file list pages
* [x] Event file download pages
* [x] Event creation page
* [x] Event neig...Add unit tests to check access/authorization for web URLs in the events app.
Things which need to be tested:
* [x] Event detail pages
* [x] Event file list pages
* [x] Event file download pages
* [x] Event creation page
* [x] Event neighbor pages
* [x] ~~Event VOEvent creation pages~~ **(deleted)**
* [x] Modify t_90 pages
* [x] Modify permissions pages
* [x] Modify signoff pages
* [x] Log entry creation page
* [x] Log entry tag page
* [x] ~~Process EMBB event log page~~ **(deleted)**
* [x] Process EMObservation pagePublic-facing GraceDB2018-11-19https://git.ligo.org/computing/gracedb/server/-/issues/58Add backup IdP to GraceDB2018-09-06T15:30:27ZTanner PrestegardAdd backup IdP to GraceDBThe issues with login.ligo.org last week clearly demonstrate the need to allow authentication through GraceDB with the backup IdPs. I played around with it a bit but was not able to get it working in production, due to the fact that we ...The issues with login.ligo.org last week clearly demonstrate the need to allow authentication through GraceDB with the backup IdPs. I played around with it a bit but was not able to get it working in production, due to the fact that we don't pull the base LIGO metadata (we get it from InCommon).