login may now be for a single session

trackers may hide exceptions from web users (they will be mailed to the
tracker admin)

Author: Richard Jones

CHANGES.txt

@@ -1,9 +1,12 @@
 This file contains the changes to the Roundup system over time. The entries
 are given with the most recent entry first.
 
-2006-02-06 1.0.2
+2006-02-06 1.1.0
 Feature:
 - trackers may configure custom stop-words for the full-text indexer
+- login may now be for a single session
+- trackers may hide exceptions from web users (they will be mailed to the
+  tracker admin)
 
 Fixed:
 - fixes in scripts/import_sf.py

doc/customizing.txt

@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.192 $
+:Version: $Revision: 1.193 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -163,6 +163,26 @@ Section **tracker**
  email -- ``issue_tracker``
   Email address that mail to roundup should go to.
 
+Section **web**
+ http_auth -- ``yes``
+  Whether to use HTTP Basic Authentication, if present.
+  Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION
+  variables supplied by your web server (in that order).
+  Set this option to 'no' if you do not wish to use HTTP Basic
+  Authentication in your web interface.
+
+ use_browser_language -- ``yes``
+  Whether to use HTTP Accept-Language, if present.
+  Browsers send a language-region preference list.
+  It's usually set in the client's browser or in their
+  Operating System.
+  Set this option to 'no' if you want to ignore it.
+
+ debug -- ``no``
+  Setting this option makes Roundup display error tracebacks
+  in the user's browser rather than emailing them to the
+  tracker admin."),
+
 Section **rdbms**
  Settings in this section are used by Postgresql and MySQL backends only
 
@@ -4494,6 +4514,24 @@ Setting up a "wizard" (or "druid") for controlled adding of issues
    you're done (the standard context/submit method can do this for you).
 
 
+Debugging Trackers
+==================
+
+There are three switches in tracker configs that turn on debugging in
+Roundup:
+
+1. web :: debug
+2. mail :: debug
+3. logging :: level
+
+See the config.ini file or the `tracker configuration`_ section above for
+more information.
+
+Additionally, the ``roundup-server.py`` script has its own debugging mode
+in which it reloads edited templates immediately when they are changed,
+rather than requiring a web server restart.
+
+
 -------------------
 
 Back to `Table of Contents`_

doc/upgrading.txt

@@ -13,6 +13,22 @@ steps.
 
 .. contents::
 
+Migrating from 1.0 to 1.1
+=========================
+
+1.1 Login for Session Only
+--------------------------
+
+In 1.1, web logins are alive for the length of a session only, *unless* you
+add the following to the login form in your tracker's ``page.html``::
+
+    <input type="checkbox" name="remember" id="remember">
+    <label for="remember" i18n:translate="">Remember me?</label><br>
+
+See the classic tracker ``page.html`` if you're unsure where this should
+go.
+
+
 Migrating from 0.8.x to 1.0
 ===========================
 

roundup/cgi/actions.py

@@ -1,4 +1,4 @@
-#$Id: actions.py,v 1.56 2006-01-27 03:30:38 richard Exp $
+#$Id: actions.py,v 1.57 2006-02-08 03:47:28 richard Exp $
 
 import re, cgi, StringIO, urllib, Cookie, time, random, csv, codecs
 
@@ -735,7 +735,7 @@ def finishRego(self):
                 user=user, last_use=time.time())
         else:
             # new session cookie
-            self.client.set_cookie(user)
+            self.client.set_cookie(user, expire=None)
 
         # nice message
         message = self._('You are now registered, welcome!')
@@ -913,7 +913,10 @@ def handle(self):
         self.client.opendb(self.client.user)
 
         # set the session cookie
-        self.client.set_cookie(self.client.user)
+        if self.form.get('remember'):
+            self.client.set_cookie(self.client.user, expire=86400*365)
+        else:
+            self.client.set_cookie(self.client.user, expire=None)
 
         # If we came from someplace, go back there
         if self.form.has_key('__came_from'):

roundup/cgi/client.py

@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.219 2006-01-25 02:59:27 richard Exp $
+# $Id: client.py,v 1.220 2006-02-08 03:47:28 richard Exp $
 
 """WWW request handler (also used in the stand-alone server).
 """
@@ -46,6 +46,10 @@ def clean_message_callback(match, ok={'a':1,'i':1,'b':1,'br':1}):
         return match.group(1)
     return '<%s>'%match.group(2)
 
+error_message = '''<h1>An error has occurred</h1>
+<p>A problem was encountered processing your request. The tracker maintainers
+have been notified of the problem.</p>'''
+
 class Client:
     '''Instantiate to handle one CGI request.
 
@@ -302,8 +306,11 @@ def inner_main(self):
             self.error_message.append(self._('Form Error: ') + str(e))
             self.write_html(self.renderContext())
         except:
-            # everything else
-            self.write_html(cgitb.html(i18n=self.translator))
+            if self.db.config.WEB_DEBUG:
+                self.write_html(cgitb.html(i18n=self.translator))
+            else:
+                self.mailer.exception_message()
+                return self.write_html(error_message)
 
     def clean_sessions(self):
         """Age sessions, remove when they haven't been used for a week.
@@ -854,9 +861,10 @@ def header(self, headers=None, response=None):
         for entry in headers.items():
             self.request.send_header(*entry)
         for ((path, name), (value, expire)) in self.add_cookies.items():
-            self.request.send_header('Set-Cookie',
-                "%s=%s; expires=%s; Path=%s;"
-                % (name, value, Cookie._getdate(expire), path))
+            cookie = "%s=%s; Path=%s;"%(name, value, path)
+            if expire is not None:
+                cookie += " expires=%s;"%Cookie._getdate(expire)
+            self.request.send_header('Set-Cookie', cookie)
         self.request.end_headers()
         self.headers_done = 1
         if self.debug:
@@ -875,6 +883,7 @@ def add_cookie(self, name, value, expire=86400*365, path=None):
                 If value is empty (meaning "delete cookie"),
                 expiration time is forced in the past
                 and this argument is ignored.
+                If None, the cookie will expire at end-of-session.
                 If omitted, the cookie will be kept for a year.
             path:
                 cookie path (optional)
@@ -886,7 +895,7 @@ def add_cookie(self, name, value, expire=86400*365, path=None):
             expire = -1
         self.add_cookies[(path, name)] = (value, expire)
 
-    def set_cookie(self, user):
+    def set_cookie(self, user, expire=None):
         """Set up a session cookie for the user.
 
         Also store away the user's login info against the session.
@@ -913,7 +922,7 @@ def set_cookie(self, user):
         self.db.commit()
 
         # add session cookie
-        self.add_cookie(self.cookie_name, self.session)
+        self.add_cookie(self.cookie_name, self.session, expire=expire)
 
     def make_user_anonymous(self):
         ''' Make us anonymous

roundup/configuration.py

@@ -1,6 +1,6 @@
 # Roundup Issue Tracker configuration support
 #
-# $Id: configuration.py,v 1.32 2006-02-06 21:00:44 richard Exp $
+# $Id: configuration.py,v 1.33 2006-02-08 03:47:28 richard Exp $
 #
 __docformat__ = "restructuredtext"
 
@@ -495,9 +495,13 @@ class NullableFilePathOption(NullableOption, FilePathOption):
         (BooleanOption, 'use_browser_language', "yes",
             "Whether to use HTTP Accept-Language, if present.\n"
             "Browsers send a language-region preference list.\n"
-            "It's usually set in the client's browser or in his\n"
+            "It's usually set in the client's browser or in their\n"
             "Operating System.\n"
             "Set this option to 'no' if you want to ignore it."),
+        (BooleanOption, "debug", "no",
+            "Setting this option makes Roundup display error tracebacks\n"
+            "in the user's browser rather than emailing them to the\n"
+            "tracker admin."),
     )),
     ("rdbms", (
         (Option, 'name', 'roundup',

roundup/mailer.py

@@ -1,9 +1,9 @@
 """Sending Roundup-specific mail over SMTP.
 """
 __docformat__ = 'restructuredtext'
-# $Id: mailer.py,v 1.14 2006-02-02 04:14:29 richard Exp $
+# $Id: mailer.py,v 1.15 2006-02-08 03:47:28 richard Exp $
 
-import time, quopri, os, socket, smtplib, re
+import time, quopri, os, socket, smtplib, re, sys, traceback
 
 from cStringIO import StringIO
 from MimeWriter import MimeWriter
@@ -143,6 +143,15 @@ def bounce_message(self, bounced_message, to, error,
 
         self.smtp_send(to, message)
 
+    def exception_message(self):
+        '''Send a message to the admins with information about the latest
+        traceback.
+        '''
+        subject = '%s: %s'%(self.config.TRACKER_NAME, sys.exc_info()[1])
+        to = [self.config.ADMIN_EMAIL]
+        content = traceback.format_exc()
+        self.standard_message(to, subject, content)
+
     def smtp_send(self, to, message):
         """Send a message over SMTP, using roundup's config.
 

templates/classic/html/page.html

@@ -100,6 +100,8 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
     <input size="10" name="__login_name"><br>
     <input size="10" type="password" name="__login_password"><br>
     <input type="hidden" name="@action" value="Login">
+    <input type="checkbox" name="remember" id="remember">
+    <label for="remember" i18n:translate="">Remember me?</label><br>
     <input type="submit" value="Login" i18n:attributes="value"><br>
     <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
     <span tal:replace="structure request/indexargs_form" />

templates/minimal/html/page.html

@@ -41,6 +41,8 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
     <input size="10" name="__login_name"><br>
     <input size="10" type="password" name="__login_password"><br>
     <input type="hidden" name="@action" value="Login">
+    <input type="checkbox" name="remember" id="remember">
+    <label for="remember" i18n:translate="">Remember me?</label><br>
     <input type="submit" value="Login" i18n:attributes="value">
     <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
     <span tal:replace="structure request/indexargs_form" />