Manuel Vacelet (vaceletm)2024-06-18 17:47 gerrit #31334 integrated in 15.9.99.154 Status changed from Under review to ClosedConnected artifacts Added Fixed in: rel #36799Close date set to 2024-06-18
Laetitia Huyghe (lhuyghe)2024-06-07 13:24Assigned to changed from Dejan Savuljesku (dsavuljesku) to Manuel Vacelet (vaceletm)
Laetitia Huyghe (lhuyghe)2024-06-07 13:24 This change has been reviewed and merged. You can now review and test it. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TuleapIntegration/+/1038252
Laetitia Huyghe (lhuyghe)2024-06-04 09:27 Hello, some update about it: The implementation is done: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/TuleapIntegration/+/1038252 This needs now to be reviewed and merged. I'll let you know.
Sabine Gürtler (sguertler)2024-05-31 11:49 Since Laetitia is out of office: Due to the public holiday this week, the delivery date will be Monday, June 3rd.
Laetitia Huyghe (lhuyghe)2024-05-23 10:18 Update: the developement of this task is planned for next week
Laetitia Huyghe (lhuyghe)2024-05-13 11:38 last edited by: Laetitia Huyghe (lhuyghe) 2024-05-13 11:40 Estimated time: 3 hours We will then implement it
Dejan Savuljesku (dsavuljesku)2024-05-13 11:34 Hello @tgerbet ok, i wasnt aware of this issue. Yes, this can probably be solved easily Best, Dejan
Laetitia Huyghe (lhuyghe)2024-05-07 10:14Assigned to changed from Manuel Vacelet (vaceletm) to Dejan Savuljesku (dsavuljesku)
Laetitia Huyghe (lhuyghe)2024-05-07 10:14 Thank you Thomas for the detailed information. We will check and analyse it again.
Thomas Gerbet (tgerbet)2024-05-06 17:41 The refresh_token is not really suitable here, it grants a long lived token per user and as a general rule this should be avoided. Also, as specified in the OIDC specification when using it it is mandatory to request the offline_access scope which require consent every single time. Also I'm a bit confused about when this token would be used, it is used elsewhere then when retrieving the sidebar/theme info almost right after the login flow? We might have 2 issues mixed in this situation. For When someone stay on a page for too long and reload the page (either Ctrl + R or restart of browser with tabs that reloads the previously browsed pages) => we end up on "tuleaplogin" page that doesn't do any login and we loose the original page. There is a quick way to reproduce it: In fresh browser (no cookie/session whatever), access to /index.php?title=Special:TuleapLogin&returnto=Main_Page The auth flow happens and we are properly redirected to Main_Page Access /index.php?title=Special:TuleapLogin&returnto=Main_Page again, nothing happens. We are still properly authenticated so I would have expected to be redirected to the Main_Page directly We end up on this page when browser tabs are restored after a start or frozen then restored by the browser if you keep them without using it for a quite a long time. I'm not sure why we end up on this page but we should be probably redirected anyway. I'm guessing this is the part of the code that is incorrect: https://github.com/wikimedia/mediawiki-extensions-TuleapIntegration/blob/d2ff0b6efa2aa7a49934bde92ede165ace4cfaf7/src/Special/TuleapLogin.php#L231-L242 as it always expects to find the value from the session which it is not the case when it's a direct access. Attachments image.png addedBy Thomas Gerbet (tgerbet)(29 kB)image.png
Laetitia Huyghe (lhuyghe)2024-05-06 16:55Assigned to changed from Dejan Savuljesku (dsavuljesku) to Manuel Vacelet (vaceletm)
Laetitia Huyghe (lhuyghe)2024-05-06 16:54 @vaceletm we have analysed this topic. One thing that worries us is that in the code it says "Cannot refresh" as a comment for when the token has expired. So we have an important question: Is the refresh token flow supported on Tuleap? Can you please confirm? If yes, it would take us about 4 hours to implement this refresh_token.
Laetitia Huyghe (lhuyghe)2024-04-25 14:28Assigned to changed from Laetitia Huyghe (lhuyghe) to Dejan Savuljesku (dsavuljesku)
Manuel Vacelet (vaceletm)2024-04-24 10:36 @lhuyghe can this be analyzed ? Status changed from New to VerifiedAssigned to changed from None to Laetitia Huyghe (lhuyghe)
Manuel Vacelet (vaceletm)2024-01-15 11:54 Is session-loss a general issue? Like the session expires too quickly / gets lost frequently? I don't think so. It's a good thing if the session expire "quickly" as long as it's transparent for the end user. It's the best way we have to ensure that user still have access to Tuleap. It may be a good idea to use the database as a session store, if that's not already the case. It's already used: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=blob&f=plugins/mediawiki_standalone/additional-packages/mediawiki-tuleap-config/LocalSettings.Tuleap.php#L153
Robert Vogel (rvogel)2024-01-15 10:25 last edited by: Robert Vogel (rvogel) 2024-01-15 10:25 I will discuss with @dsavuljesku. Is session-loss a general issue? Like the session expires too quickly / gets lost frequently? It may be a good idea to use the database as a session store, if that's not already the case. $GLOBALS['wgSessionCacheType'] = CACHE_DB; See https://www.mediawiki.org/wiki/Manual:$wgSessionCacheType