Noe Gaumont <ngaumont@logilab.fr> [Wed, 22 May 2019 11:29:49 +0200] rev 12621
[doc] fix several typos
Philippe Pepiot <philippe.pepiot@logilab.fr> [Tue, 21 May 2019 10:18:54 +0200] rev 12620
[pkg] make cubicweb[crypto] depends on pycryptodome instead of pycrypto
pycrypto isn't maintained anymore, the last release 2.6.1 is from 2014.
Use the drop-in replacement fork pycryptodome instead.
pycryptodome is packaged in debian starting from stretch-backports.
Philippe Pepiot <philippe.pepiot@logilab.fr> [Tue, 21 May 2019 10:18:38 +0200] rev 12619
[crypto] Encode unicode strings in _cypherer()
pycrypto accept both bytes or string but pycryptodome, which will be introduced
in next changeset, doesn't accept this.
For backward compatibility, encode unicode strings in _cypherer()
julien tayon <julien.tayon@logilab.fr> [Thu, 16 May 2019 14:26:38 +0200] rev 12618
[ldapfeed] FIX: Unique Key violation when synchronizing with LDAPfeed
What was happening
==================
The bug appears when ldapfeed tries to insert a user while another user exists
exists with a different source.
Simple use case to reproduce:
- create a local user in cubicweb (source=system)
- sync with ldap
- ldapfeed will stop complaining user already exists.
Without next patch the test MUST fail with message:
cubicweb/server/sources/native.py:714: UniqueTogetherError
The ldapfeed is thus stopped ignoring any further ldap entries.
The proposal
============
Prior to this patch, the insertion was trying to create all CWUser with the
computed login from eeimporter.extid2eid (method process of DataFeedLDAPAdapter).
When a CWUser existed with a different cw_source ("system" for user created
with cubicweb for instance), it created a conflict.
To avoid collisions, in the extentities_generator method a bypass
was added at the insertion layer.
Prior to insertion the absence of the computed login is checked on a list of
all existing login from a different source.
If collision is detected, we skip the ldap record.
By short circuiting at the CWUser entity insertion level we also avoid to treat
CWGroup and EmailAddress related to this user.
Hence ensuring a behaviour that will not break existing instances.
(conservative approach: faced with ambiguity better do nothing than guess).
An error message is added stating explicitly the conflict.
Denis Laxalde <denis.laxalde@logilab.fr> [Fri, 15 Mar 2019 12:12:23 +0100] rev 12617
Skip tests for ldapsource with python >= 3.7
Until someone works on fixing these, this should make our CI green
again.
I tried to use setupModule() to check for python version, but
pre_setup_database() is apparently called even when a SkipTest exception
is raised there. So handle this in that method.
(grafted from 4d68d20427dee4b6751a0f1f5511fec2a04f4782)
Denis Laxalde <denis.laxalde@logilab.fr> [Thu, 16 May 2019 17:18:29 +0200] rev 12616
Flake8 crypto module
Denis Laxalde <denis.laxalde@logilab.fr> [Thu, 16 May 2019 17:17:42 +0200] rev 12615
Make crypto module python3-compatible
* Remove usage of unicode() and decode the base64-encoded string in
encrypt();
* Encode the string received in decrypt() as (I supposed) it should come
from the result of encrypt().
Add tests for this module along the way.
Laurent Peuch <cortex@worlddomination.be> [Thu, 16 May 2019 04:42:59 +0200] rev 12614
[mod] make ViolatedConstraint actually display useful information
Move from:
(Pdb++) raise some_exception
*** ViolatedConstraint:
To:
(Pdb++) raise some_exception
*** ViolatedConstraint: constraint 'cstr56c2ab4b3154f21d08b067742ce5bd9d' is being violated by the query 'ALTER TABLE cw_Bibliography ADD CONSTRAINT cstr56c2ab4b3154f21d08b067742ce5bd9d CHECK(cw_item_type IN ('journalArticle', 'note', 'book', 'thesis', 'film', 'web page', 'manuscrit', 'tapuscrit'))'. You can run the inverted constraint on the database to list the problematic rows.
And save hours of debugging to actually understand what is going on.
Denis Laxalde <denis.laxalde@logilab.fr> [Thu, 16 May 2019 09:40:28 +0200] rev 12613
Fix flake8 errors/warnings about import in cubicweb/_exceptions.py
We either ignore errors in case of name re-exports and drop re-exports
from old backwards compatibility. We fix the only occurrence of
NoSelectableObject being imported from cubicweb in tests and update the
import to use lgc instead.
Laurent Peuch <cortex@worlddomination.be> [Thu, 16 May 2019 04:47:27 +0200] rev 12612
add comment and # noqa on used import