Page MenuHomePhabricator
Create Task
Maniphest T180336

PAWS public-link is lowercase but the paws-public server is case-sensitive
Closed, ResolvedPublic
Actions

Description

The current public link button on each notebook points to a lowercase version of the username. The paws-public.wmflabs.org/paws-public/ endpoint, however, will throw a 404 for users that have an uppercase letter that is not the first letter.

For example, my ChicoBot account can have its notebooks accessed via http://paws-public.wmflabs.org/paws-public/User:chicoBot/ or http://paws-public.wmflabs.org/paws-public/User:ChicoBot/ . The button, however, points to http://paws-public.wmflabs.org/paws-public/User:chicobot/ which is not found.

Related Objects

Event Timeline

Chicocvenancio created this task.Nov 13 2017, 12:58 PM
Framawiki subscribed.Dec 2 2017, 12:39 PM
Edgars2007 triaged this task as High priority.Dec 10 2017, 6:20 AM
Edgars2007 subscribed.

Setting it to high. Because of it many users can't use PAWS

Tbayer awarded a token.Jan 16 2018, 4:26 PM
Tbayer subscribed.
Chicocvenancio added a subscriber: yuvipanda.EditedJan 23 2018, 9:24 PM

@yuvipanda Adding you here because I can't really figure out how that public link button is created and where I might try to look to fix it. (we could go to something like location ~* on nginx, but it might have performance impacts).

Chicocvenancio added a comment.EditedFeb 5 2018, 7:47 PM

Seeing https://github.com/yuvipanda/nbpawspublic/blob/master/nbpawspublic/static/main.js it seems the public link is a simple replace upon the "private" link. This makes for a weird "technical" possibility of two users having the same link, however, since we have policies against "similar usernames" this isn't a real issue for Wikimedia wikis and PAWS. (eg Chicobot and ChicoBot)

It is likely, however, that the simplest solution is to change nginx on the public links to match the behaviour for private links.

Chicocvenancio added a comment.Feb 19 2018, 3:58 PM

It seems private paws links are unaffected by user input and likely will not create problems for user with cased versions of other users. It does seem like a good idea to set the usernames in these links to their proper case, however. And it would resolve this issue.

zhuyifei1999 subscribed.Feb 19 2018, 4:19 PM
Chicocvenancio added a comment.Feb 23 2018, 1:08 AM

Apparently Jupyterhub lowercases every username.

Does anyone know a way to query the mediawiki api for case-insensitive usernames? We could send the public link to the centralid (in the case of a single user for a case insensitive user search, which would be most of them).

At any rate, I'll start an issue upstream to see the reason for that and maybe allow us to use case sensitive names.

Chicocvenancio added a project: Upstream.Feb 23 2018, 1:40 AM

Upstream issue: https://github.com/jupyterhub/oauthenticator/issues/168.

Chicocvenancio changed the task status from Open to Stalled.Feb 23 2018, 1:54 AM
Chicocvenancio merged a task: T185433: Public link fails with 404. It composes wrong url..Feb 25 2018, 7:29 PM
Chicocvenancio moved this task from Backlog to MVP (Most Valuable PAWS) on the PAWS board.
Chicocvenancio added a subscriber: Herzi.Pinki.
Chicocvenancio changed the task status from Stalled to Open.Mar 10 2018, 12:19 AM
Chicocvenancio claimed this task.

The PR I sent there solves this. Confirmed it by overriding the method in paws-beta. I am a bit worried about unintended consequences of changing the usernames for every PAWS user though.

Small tests in paws-beta indicate nothing will change (username will only change if user logs out, keep the directory, no visible adverse effects). To be safe, however, I think it is wise to have a script lookup the case-sensitive version of every user on the database and then updating the db to match it. We'd also need to invalidate every session so users need to login again and "change" their username.

Tbayer added a comment.May 9 2018, 10:01 PM

Thanks for your work on this! (speaking as one of the victims, as user HaeB != haeb)
It seems that your upstream pull request has since gotten merged?

Chicocvenancio changed the task status from Open to Stalled.EditedMay 14 2018, 2:56 PM

@Tbayer I was hoping for a release of oauthenticator before using this in production, but we can push it out before. One blocker we do have at this point is that this will involve a lot of db activity, and the current sqlite db is very non-performant. We are waiting for the next jupyterhub release that has a fix for that. Basically T193828 is a blocker for this at this point.

On the good news side, I don't expect this to take more than a month or so.

Chicocvenancio closed this task as Resolved.May 19 2018, 7:23 PM

Resolved with https://github.com/yuvipanda/paws/commit/58ba2961a2d94d48ce1a2e282a6f058638a6b4cd

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL