Time
S
Nick
Message
02:57 axfelix joined #dataverse
02:59 axfelix joined #dataverse
03:04 axfelix joined #dataverse
03:51 michbarsinai joined #dataverse
04:44 axfelix joined #dataverse
04:57 axfelix joined #dataverse
05:19 axfelix joined #dataverse
07:21 jri joined #dataverse
13:19 bsilverstein joined #dataverse
13:22 michbarsinai joined #dataverse
13:25 nicholas_ joined #dataverse
13:39 pameyer joined #dataverse
13:44 pdurbin
jri: hi! I was just reading through https://github.com/IQSS/dataverse-client-python/issues/35 and just wanted to make sure you saw how http://guides.dataverse.org/en/latest/installation/config.html#blockedapikey says "When calling blocked APIs, add a query parameter of unblock-key=theKeyYouChose to use the key."
13:44 pdurbin
nicholas_: mornin'. Any more thoughts on 2FA?
13:45 pdurbin
pameyer: last day before your well deserved vacation!
13:45 pameyer
pdurbin: thanks!
13:46 jri
pdurbin: Yes I saw that. My question is how to add this parameter with the python client
13:49 pdurbin
jri: it looks like the value "key" is hard-coded in a few places such as https://github.com/IQSS/dataverse-client-python/blob/e604d98ed76fd46f031c994d02b3f6765a07af44/dataverse/connection.py#L55
13:50 jri
pdurbin: hmm, but this is not the user token ?
13:50 nicholas_
Morning. I talked to Original Nick, and he is of the mindset that we'll probably still need 2FA, at least in the short term. The final decision rests with the security folks, so what he and I will do is bring it up with our supervisor, and he'll decide if we want to present the 'disabling dataverseAdmin' option to security.
13:51 nicholas_
ON is not optimistic, because it's possible that there will still be non-Shib people who need admin rights.
13:51 pdurbin
It *is* the user token. There are two ways to specify it. The old way is "key" as a query parameter (which I don't like since it shows up in access logs) and the new way is the "X-Dataverse-key" header: http://guides.dataverse.org/en/4.4/api/native-api.html
13:52 pdurbin
heh. "ON". That took me a minute
13:54 pdurbin
nicholas_: if you still want to implement 2FA please ask your questions about BuiltinAuthenticationProvider and such so michbarsinai can weigh in.
13:55 nicholas_
pdurbin: thanks. I'll do that.
13:55 pdurbin
jri: I hope I'm not confusing you! To back up, I guess I'm wondering why you don't want to use the "key" solution that the Python client already supports. Also, you should get in touch with @TomBaxter who is mentioned at https://github.com/CenterForOpenScience/osf.io/pull/5344#issuecomment-225929790
13:57 jri
pdurbin: hum, you lost me :) I've two different keys: the user API Token (which we find in the Web GUI ) and BlockedAPIKey (which we set) which I set with use "unblock-key" in BlockedApiKey parameter.
13:59 jri
Ah ok, I will try to talk with him
13:59 pdurbin
jri: to be honest, I'm not sure I've ever used that "unblock-key" thing. I'm not even sure what we call it.
14:00 pdurbin
Rather than "unblock-key" I use user-level API tokens.
14:00 jri
I don't know... As I understood from the doc: the API is localhost only by default, and I don't want that. I need to access it from others computers
14:01 jri
Oh! the user-level API tokens are not locked to localhost ?
14:01 pdurbin
jri: nope. Not locked to localhost.
14:01 jri
Ok! good to know
14:02 jri
so my problem comes form elsewhere :)
14:02 pdurbin
well, hold on
14:02 pdurbin
jri: I hope I'm not further confusing you.
14:02 jri
Maybe I should close this issue
14:03 jri
No this is clear know, and I will use user tokens.
14:03 jri
I was thinking that API configuration was a step before using user tokens
14:03 jri
"A first door"
14:03 pdurbin
jri: ok, just please be sure to block the "admin" and "test" endpoints per http://guides.dataverse.org/en/latest/installation/config.html#blocking-api-endpoints
14:04 jri
Ok,
14:04 jri
Are needed to create and delete dataverses ?
14:04 jri
are they*
14:04 pdurbin
nope
14:04 jri
Ok
14:05 jri
Thanks for your help again !
14:05 pdurbin
jri: if you do close that issue (up to you), please link to these IRC logs
14:09 jri
done ;)
14:11 pdurbin
jri: thanks!
14:17 dataverse-user joined #dataverse
14:17 dataverse-user left #dataverse
14:17 jo-pol joined #dataverse
14:19 jo-pol
@pdurbin you wrote "`asadmin stop-domain` (kill -9 if necessary)" but "asadmin help stop-domain" says "[--force={true|false}] [--kill={false|true}]"
14:22 pdurbin
jo-pol: hi! Ah, so you are saying that --force=true is probably the same as kill -9
14:23 pdurbin
whatever floats your boat :)
14:27 jo-pol
you might have meant kill as shell command, so just asked
14:27 pdurbin
jo-pol: yeah, I meant https://github.com/IQSS/dataverse/blob/v4.4/scripts/database/homebrew/kill9glassfish
15:35 pdurbin
call starts in half an hour: http://dataverse.org/community-calls
15:36 pdurbin
nicholas_: I've been encouraging TDL to call in
16:18 nicholas_
pdurbin: Sorry about that. I just joined a few minutes ago. I'm so new here I didn't know how to get an outside line. Sad!
16:19 pdurbin
nicholas_: heh, no worries. We do these calls every two weeks
16:19 pdurbin
you can read the notes so far at https://docs.google.com/document/d/1ACzoQa78yGMGS4ogrXISPVcsajw9B6HiWnRGUP_mCyM/edit?usp=sharing
16:19 nicholas_
I'm there.
16:35 donsizemore joined #dataverse
17:19 pdurbin
donsizemore: hi! I haven't forgotten about #239603: question about Shibboleth password conversion - https://help.hmdc.harvard.edu/Ticket/Display.html?id=239603
18:08 donsizemore
@pdurbin thank you! it's kind of a blocker on this end. akio is looking at augmenting the shib page code temporarily but we weren't sure if you all had seen it before
18:10 pdurbin
donsizemore: I'm in the middle of https://github.com/IQSS/dataverse/issues/3203 but I may have some questions for you in a bit.
19:04 pdurbin
shoot, he's gone
19:19 pdurbin
ah, https://github.com/IQSS/dataverse/pull/2922#issuecomment-190818688 has what I need about passwordencryptionversion etc.
19:21 michbarsinai joined #dataverse
19:27 donsizemore joined #dataverse
19:33 donsizemore
@pdurbin i'm back!
19:33 pdurbin
donsizemore: I'm getting a different error than you reported.
19:33 pdurbin
you're on 4.4 right?
19:34 donsizemore
@pdurbin: correct.
19:34 pdurbin
dunno if you saw the last link I dropped in here but that's how I'm simulating a user who hasn't upgraded their password to bcrypt yet
19:35 donsizemore
@pdurbin akio and i are reading through the ticket
19:36 pdurbin
which? 239603 or pull request 2922?
19:37 donsizemore
@pdurbin we're seeing 4.4's shib page consistently reject password hashes from 3.6. the builtinuser page recognizes the old hash and asks the user to change passwords. we were reading 2922 but we're more interested in 239603
19:42 pdurbin
donsizemore: yes, I agree there's a bug. At the very least the Shib conversion page should tell the user to go change their password first (to be encrypted with bcrypt) and then try again. Obviously, this is a poor user experience.
19:43 donsizemore
@pdurbin: it's a minor dealy but if we can re-use/inject the old-style password auth into the shib page i think we're good
19:44 pdurbin
yeah, I wonder why it doesn't work...
19:44 pdurbin
I'll see if I can figure it out without help from michbarsinai who did all the bcrypt stuff.
19:47 michbarsinai
I'm here
19:48 donsizemore
does IQSS accept deliveries from the cheesecake factory
19:49 pdurbin
heh
20:05 pdurbin
michbarsinai: AuthenticationResponse is showing "BREAKOUT"
20:09 donsizemore joined #dataverse
20:21 michbarsinai joined #dataverse
20:21 michbarsinai
That's what it's supposed to show when it requires the users to update their passwords.
20:30 pdurbin
michbarsinai: so I'll have to drop to a lower level: PasswordEncryption.getVersion(builtinUser.getPasswordEncryptionVersion()).check(password, builtinUser.getEncryptedPassword())
20:33 axfelix joined #dataverse
20:34 jamie joined #dataverse
20:35 Guest49527
does anyone know of any use cases where a dataverse repository has been integrated into an existing institutional repository?
20:40 pdurbin
Guest49527: such as Archivematica? There's an integration effort between them and Dataverse: https://wiki.archivematica.org/Dataverse
20:40 pdurbin
donsizemore michbarsinai: again, I agree it's a bug. I gotta run but here are some thoughts: Upgraded (Bcrypt) password required for conversion from local to Shibboleth account · Issue #3287 · IQSS/dataverse - https://github.com/IQSS/dataverse/issues/3287 (I created a new issue).
20:44 Guest49527
pdurbin: I didn't know about that - thank you. I was thinking about universities who might be branding dataverse as an extension of their institutional repo and capturing dataverse metadata in the metadata record for, for example, a paper deposited in the IR
20:46 pdurbin
Guest49527: I gotta run but would you be able to ask at https://groups.google.com/forum/#!forum/dataverse-community ? You'll reach more people there. Lots of integration work is going on in general.
20:47 Guest49527
thanks!
21:03 donsizemore
@pdurbin: sophia and i are in agreement -- all they got in the web page (last week) was "password failed"
23:24 michbarsinai joined #dataverse
