IQSS logo

IRC log for #dataverse, 2016-10-03

Connect via chat.dataverse.org to discuss Dataverse (dataverse.org, an open source web application for sharing, citing, analyzing, and preserving research data) with users and developers.

| Channels | #dataverse index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time S Nick Message
07:11 jri joined #dataverse
09:30 romainM joined #dataverse
10:04 cads joined #dataverse
12:36 romainM joined #dataverse
12:49 donsizemore joined #dataverse
13:07 pdurbin bricas_ donsizemore jri telnoratti: would one of you be able to reply to this thread? RHEL Linux, SELinux and Shibboleth - Google Groups - https://groups.google.com/forum/#!msg/dataverse-community/U04sLtEkJ7Q/HTufSDqgAgAJ
13:10 donsizemore @pdurbin i've started several replies in my head... the glassfish/dataverse bits for SElinux can be worked out with enough testing. the Shibboleth stuff...
13:11 pdurbin donsizemore: are you saying Dataverse itself requires SELinux to be disabled? I thought it only had to be disabled if Shibboleth is used.
13:11 donsizemore @pdurbin p.s. this is our monday-morning-after-migration so i may be pestering with shib / user conversion question
13:12 donsizemore @pdurbin ah, good to know dataverse/glassfish can abide with SElinux. the Shib stuff... oy vey.
13:12 pdurbin donsizemore: well, I'm not saying one way or the other. We tend to just turn off SELinux. Or set it to permissive at least.
13:13 donsizemore @pdurbin i have it set to permissive on dataverse.unc.edu for shib, so i can take a walk through the logs and see what it's allowing
13:13 pdurbin actually, at https://dev1.dataverse.org `getenforce` returns "Enforcing" so I guess SELinux is on there. No Shibboleth.
13:14 donsizemore @pdurbin however, we've still got to rehome handles, create an OAI dataset for our odum dataverse, deal with user password/e-mail issues as they come up and figure out some SQL errors we're getting from guestbookresponse
13:16 donsizemore @pdurbin and leonid wants us to set some more dates to null in the dvobject table, apparently published datasets in unpublished dataverses are searchable/discoverable in 4.n
13:25 djbrooke joined #dataverse
13:25 M__ joined #dataverse
13:26 pdurbin donsizemore: right. In Dataverse 4 you can't publish a dataset until its parent dataverse has been published.
14:28 djbrooke joined #dataverse
14:37 pameyer joined #dataverse
14:39 pameyer looks like the 'previous day' option vanished from the irc logs
14:41 pdurbin pameyer: yeah, I've been meaning to upgrade iqlogbot to philbot and fix this issue: https://github.com/pdurbin/philbot/issues/1
14:41 pameyer ok - known issue :)
14:42 pdurbin pameyer: yeah, please feel free to open an issue at https://github.com/dvn/iqirclog-vagrant for iqlogbot
14:46 djbrooke joined #dataverse
14:59 pdurbin pameyer: for now I left a comment at https://github.com/dvn/iqirclog-vagrant/issues/1#issuecomment-251129726
14:59 djbrooke_ joined #dataverse
15:01 djbrooke_ joined #dataverse
15:12 donsizemore joined #dataverse
15:27 djbrooke joined #dataverse
15:34 djbrooke joined #dataverse
15:37 djbrooke_ joined #dataverse
15:39 djbrooke_ joined #dataverse
15:40 djbrooke joined #dataverse
15:56 pdurbin pameyer: I know we created https://github.com/IQSS/dataverse/issues/3338 together with no description but I'm thinking we should fill in some more details about how we expect OAuth/ORCID login to work. Top of mind for me is that the user is not prompted to agree to Terms of Use (as of 0fe2280 anyway). I'd consider this to be a bug but perhaps this and other items are on a todo list somewhere?
16:03 pdurbin for now I left a comment at https://github.com/IQSS/dataverse/commit/78e70366709b9877c3611bf88464f45e48de2368#commitcomment-19269271
16:04 djbrooke joined #dataverse
16:10 jgautier joined #dataverse
16:59 djbrooke joined #dataverse
17:00 djbrooke joined #dataverse
17:07 djbrooke joined #dataverse
17:12 djbrooke_ joined #dataverse
17:41 djbrooke joined #dataverse
17:42 donsizemore joined #dataverse
17:53 djbrooke joined #dataverse
18:07 djbrooke joined #dataverse
18:18 donsizemore joined #dataverse
18:20 djbrooke joined #dataverse
18:27 djbrooke joined #dataverse
18:31 djbrooke joined #dataverse
18:36 djbrooke joined #dataverse
18:39 djbrooke joined #dataverse
18:47 donsizemore joined #dataverse
18:55 djbrooke joined #dataverse
19:00 djbrooke joined #dataverse
19:18 djbrooke joined #dataverse
19:19 djbrooke_ joined #dataverse
19:19 donsizemore @pdurbin is there any way i can get some foo on #241946 ? we set org.eclipse.persistence.internal.jpa.metad​ata.listeners.BeanValidationListener=FINE but aren't picking anything up in the log
19:23 pdurbin donsizemore: have you ever tried http://localhost:8080/api/admin/authenticatedUsers from http://guides.dataverse.org/en/4.5/api/native-api.html#admin ?
19:25 djbrooke joined #dataverse
19:31 pdurbin donsizemore: if you can figure out how to make Glassfish log a ConstraintViolationException that would be awesome. In practice, I always seem to have to catch them to see them, like this: https://github.com/IQSS/dataverse/blob/v4.5/src/main/java/edu/harvard/iq/dataverse/api/Index.java#L267
19:38 pameyer pdurbin: I'm not sure why the top comment is showing up as coming from me (for 3338) - looks like something you wrote
19:39 pdurbin pameyer: yeah, sorry. I edited it. Added a bunch of stuff. I hope you don't mind.
19:39 pameyer not at all - edits are welcome.  I just hadn't realized that you could make edits to a comment that would show up as another user
19:39 pdurbin yeah, it's pretty weird
19:40 pdurbin pameyer: does what I wrote make sense? Should we add or remove anything?
19:40 pameyer reading now ....
19:40 donsizemore @pdurbin is there a way for admins to reset passwords for folks on demand? i didn't see how in the guide
19:41 djbrooke joined #dataverse
19:41 pameyer pdurbin: for our use case, I don't know it's necessary that a local user be convertible to OAuth/ORCID.
19:42 pameyer but that's something we should work out with migration
19:43 pameyer pdurbin: I think you're right about TOS being a bug; not sure if there's an enumerated TODO list yet
19:43 pdurbin pameyer: should we move both "convert" bullet points from "in scope" to "possibily in scope"?
19:44 pdurbin donsizemore: nope: https://github.com/IQSS/dataverse/issues/2029
19:45 pameyer oauth -> local seems like it might be more "possibly" than local -> oauth.  but both "possible"
19:46 pdurbin pameyer: what's most important is keeping the "in scope" list within reason. Not too much scope creep. There's still time to defer work, to create follow up issues.
19:48 pdurbin donsizemore: the tokens are stored in the "passwordresetdata" table, if that helps: http://phoenix.dataverse.org/schemaspy/latest/tables/passwordresetdata.html
19:48 axfelix joined #dataverse
19:49 donsizemore @pdurbin yes, i can see them come and go when i reset my own local account. so we can just do manual inserts on the handful of folks and send them the respective token?
19:54 pdurbin donsizemore: I guess you could enter their email addresses into the password reset form. That should create a token for them.
19:54 pameyer pdurbin: revisiting what I was thinking.  it seems to make more sense to make external auth providers (shib and oauth) act the same way, including account conversions
19:55 pdurbin pameyer: ok, do you think there is an enumerated TODO list? I think we'd like the description of that issue to be the TODO list if that's ok... what's "in scope" for the issue.
19:57 donsizemore @pdurbin the password reset form is what's throwing that series of errors, but only for certain users
19:58 pameyer pdurbin: is there an enumerated list for how shib was implemented in an issue somewhere?
19:59 pdurbin pameyer: this is a pretty good list for shib: https://github.com/IQSS/dataverse/issues/2939
20:00 pdurbin donsizemore: right, bad data. Do you have the username of a problematic user?
20:01 donsizemore @pdurbin yes. is that where the authenticatedusers endpoint comes into play?
20:02 pdurbin donsizemore: yes, see "Sample output using “dataverseAdmin” as the identifier" at http://guides.dataverse.org/en/4.5/api/native-api.html#admin
20:03 pdurbin donsizemore: can you please try `GET http://$SERVER/api/admin/aut​henticatedUsers/$identifier
20:03 pdurbin ... with one of your problem users?
20:04 donsizemore @pdurbin the JSON produced looks fine, at least to me
20:04 pdurbin interesting. I expected it to blow up
20:08 donsizemore @pdurbin so far i've got 3 problem user accounts, and they look fine in the DB as best i can tell
20:09 donsizemore @pdurbin the one guy's last name is "O'Reilly" but i don't think the single tick would throw things off
20:09 pdurbin donsizemore: and the JSON for all 3 users looks fine too?
20:13 pdurbin Oh, I see, the JSON output only touches the authenticateduser and authenticateduserlookup tables. Not the builtinuser table.
20:14 pdurbin donsizemore: I suspect that the bean validation violation is due to the builtinuser table.
20:15 pdurbin donsizemore: probably the "username" field is in violation. Here's the regex it must conform to: https://github.com/IQSS/dataverse/blob/v4.5/src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/BuiltinUser.java#L46
20:24 pdurbin donsizemore: I gotta run soon. Does that help?
20:25 donsizemore @pdurbin yes. looks like i missed this in migration =(
20:25 djbrooke joined #dataverse
20:29 pdurbin easy to miss a gotcha
21:27 djbrooke joined #dataverse
21:41 axfelix joined #dataverse
22:57 djbrooke joined #dataverse

| Channels | #dataverse index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

Connect via chat.dataverse.org to discuss Dataverse (dataverse.org, an open source web application for sharing, citing, analyzing, and preserving research data) with users and developers.