Merge lp://staging/~sil/desktopcouch/create-oauth-tokens-startup into lp://staging/desktopcouch

Add oauth tokens as part of initial desktopcouch setup, and lock desktopcouch access to authenticated users only.

(NB: do not merge into desktopcouch trunk until http://issues.apache.org/jira/browse/COUCHDB-478 is in your couchdb build, or this will prevent access to your desktop Couch; it sets up an admin user in the ini file, but oauth authentication doesn't read from the ini file in Couch trunk; that's what the above patch is for.)

I've packaged 0.10.0~svn806985~ppa1, which is a snapshot of the 0.10 branch that Jan created today, + the part of the patch for COUCHDB-478 that has not been applied to the branch yet.

After merging with trunk and resolving the merge conflicts, I get errors on a number of tests, all appear to have the same cause: 401 on a HEAD request.

===============================================================================
[ERROR]: desktopcouch.records.tests.test_server.TestCouchDatabase.test_record_exists

Traceback (most recent call last):
  File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line 161, in run
    self.setUp()
  File "/home/emurphy/canonical/ubuntuone/shared/desktopcouch/trunk/desktopcouch/records/tests/test_server.py", line 44, in setUp
    self.dbname, create=True, uri=URI)
  File "/home/emurphy/canonical/ubuntuone/shared/desktopcouch/trunk/desktopcouch/records/server.py", line 58, in __init__
    if database not in self._server:
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 124, in __contains__
    self.resource.head(validate_dbname(name))
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 981, in head
    return self._request('HEAD', path, headers=headers, **params)
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 1035, in _request
    raise ServerError((status_code, error))
couchdb.client.ServerError: (401, '')
===============================================================================
[ERROR]: desktopcouch.records.tests.test_server.TestCouchDatabase.test_update_fields

Traceback (most recent call last):
  File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line 161, in run
    self.setUp()
  File "/home/emurphy/canonical/ubuntuone/shared/desktopcouch/trunk/desktopcouch/records/tests/test_server.py", line 44, in setUp
    self.dbname, create=True, uri=URI)
  File "/home/emurphy/canonical/ubuntuone/shared/desktopcouch/trunk/desktopcouch/records/server.py", line 58, in __init__
    if database not in self._server:
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 124, in __contains__
    self.resource.head(validate_dbname(name))
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 981, in head
    return self._request('HEAD', path, headers=headers, **params)
  File "/usr/lib/pymodules/python2.6/couchdb/client.py", line 1035, in _request
    raise ServerError((status_code, error))
couchdb.client.ServerError: (401, '')

> I've packaged 0.10.0~svn806985~ppa1, which is a snapshot of the 0.10 branch
> that Jan created today, + the part of the patch for COUCHDB-478 that has not
> been applied to the branch yet.
>
> After merging with trunk and resolving the merge conflicts, I get errors on a
> number of tests, all appear to have the same cause: 401 on a HEAD request.

Yep. This is a COuch bug (http://issues.apache.org/jira/browse/COUCHDB-479) the fix for which has not yet been merged into trunk :-(

> > I've packaged 0.10.0~svn806985~ppa1, which is a snapshot of the 0.10 branch
> > that Jan created today, + the part of the patch for COUCHDB-478 that has not
> > been applied to the branch yet.
> >
> > After merging with trunk and resolving the merge conflicts, I get errors on
> a
> > number of tests, all appear to have the same cause: 401 on a HEAD request.
>
> Yep. This is a COuch bug (http://issues.apache.org/jira/browse/COUCHDB-479)
> the fix for which has not yet been merged into trunk :-(

Ah, it may have been merged now, looking at the bug report, but I don't know if it's in our packages yet...

> bzr merge lp:~sil/desktopcouch/create-oauth-tokens-startup
 M data/couchdb.tmpl
 M desktopcouch/start_local_couchdb.py
Text conflict in desktopcouch/start_local_couchdb.py
1 conflicts encountered.

> bzr diff desktopcouch/start_local_couchdb.py
=== modified file 'desktopcouch/start_local_couchdb.py'
--- desktopcouch/start_local_couchdb.py 2009-08-21 22:45:24 +0000
+++ desktopcouch/start_local_couchdb.py 2009-08-24 11:12:48 +0000
@@ -34,14 +34,16 @@
 """

 from __future__ import with_statement
-import os, subprocess, sys, glob
+import os, subprocess, sys, glob, random, string
 import desktopcouch
 from desktopcouch import local_files
 import xdg.BaseDirectory
 import errno
-import time
+import time, gtk, gnomekeyring
 from desktopcouch.records.server import CouchDatabase

+ACCEPTABLE_USERNAME_PASSWORD_CHARS = string.lowercase + string.uppercase
+
 def dump_ini(data, filename):
     """Dump INI data with sorted sections and keywords"""
     fd = open(filename, 'w')
@@ -60,9 +62,38 @@
         ini_path=local_files.FILE_INI, db_dir=local_files.DIR_DB,
         log_path=local_files.FILE_LOG, port="0"):
     """Write CouchDB ini file if not already present"""
+<<<<<<< TREE
     if os.path.exists(ini_path):
         return
     ini = {
+=======
+ if os.path.exists(local_files.FILE_INI):
+ # load the username and password from the keyring
+ try:
+ data = gnomekeyring.find_items_sync(gnomekeyring.ITEM_GENERIC_SECRET,
+ {'desktopcouch': 'basic'})
+ except gnomekeyring.NoMatchError:
+ data = None
+ if data:
+ username, password = data[0].secret.split(":")
+ return username, password
+ # otherwise fall through; for some reason the access details aren't
+ # in the keyring, so re-create the ini file and do it all again
+
+ # randomly generate tokens and usernames
+ def make_random_string(count):
+ return ''.join([random.choice(ACCEPTABLE_USERNAME_PASSWORD_CHARS)
+ for x in range(count)])
+
+ ADMIN_ACCOUNT_USERNAME = make_random_string(10)
+ ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD = make_random_string(10)
+ CONSUMER_KEY = make_random_string(10)
+ CONSUMER_SECRET = make_random_string(10)
+ TOKEN = make_random_string(10)
+ TOKEN_SECRET = make_random_string(10)
+
+ local = {
+>>>>>>> MERGE-SOURCE
         'couchdb': {
             'database_dir': db_dir,
             'view_index_dir': db_dir,
@@ -75,10 +106,51 @@
             'file': log_path,
             'level': 'info',
         },
+ 'admins': {
+ ADMIN_ACCOUNT_USERNAME: ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD
+ },
+ 'oauth_consumer_secrets': {
+ CONSUMER_KEY: CONSUMER_SECRET
+ },
+ 'oauth_token_secrets': {
+ TOKEN: TOKEN_SECRET
+ },
+ 'oauth_token_users': {
+ TOKEN: ADMIN_ACCOUNT_USERNAME
+ },
+ 'couch_httpd_auth': {
+ 'require_valid_user': 'true'
+ }
     }
+<<<<<<< TREE
     dump...

> Ah, it may have been merged now, looking at the bug report, but I don't know
> if it's in our packages yet...

Yep, I made sure that the commit which included the purported fix for COUCHDB-479 was included in the couchdb snapshot, but looks like the fix for COUCHDB-479 was broken. We're waiting for couchdb devs to give us a working fix.

rejecting this branch, and merging thisfreds noauth, which combines everything as we discussed this morning.