Project

General

Profile

Bug #1660

Authentication Required from jitp.commons.gc...

Added by Sarah Morgano about 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
WordPress (misc)
Target version:
Start date:
2012-02-27
Due date:
% Done:

0%

Estimated time:

Description

Hi Boone,

I keep getting a security pop up when I'm on the HOME or NEWS page asking me to enter my username and password to access the jitp.commons.gc.cuny.edu server. I get the same message on IE8/FF8 whether I'm logged in or logged out. I've also been experiencing caching issues, so I'm not sure if it's related. I did try to access one of the blog posts earlier and have been having issues ever since. Can someone else try to replicate this issue?

Thanks,
Sarah

security.jpg (47.7 KB) security.jpg Sarah Morgano, 2012-02-27 12:21 PM

Related issues

Related to CUNY Academic Commons - Bug #1680: JITP password promptResolved2012-03-04

History

#1 Updated by Matt Gold about 10 years ago

  • Status changed from New to Rejected

Hi Sarah,

This is a feature, not a bug. See - http://redmine.gc.cuny.edu/issues/1648

The larger question is how you got to that link. Are posts showing up on the homepage of the Commons?

#2 Updated by Matt Gold about 10 years ago

  • Category name set to WordPress (misc)
  • Status changed from Rejected to Assigned
  • Assignee set to local admin
  • Priority name changed from Normal to Immediate
  • Target version set to Not tracked

Whoops -- didn't realize that the sign-in was appearing on the homepage -- looks like the system implemented in http://redmine.gc.cuny.edu/issues/1648 is affecting the entire site. André, may I ask you to look into this immediately? Many thanks for your help.

#3 Updated by Boone Gorges about 10 years ago

The cause here is the Recent Blog Posts widget on the lower left. It is getting hung up when it attempts to pull assets (ie pictures) from the jitp subdomain.

A note that this only affects logged in users for whom JITP blog post show up in that Recent Blog Posts widget: super admins, and members of the site. So I think it's probably not really an issue.

#4 Updated by Boone Gorges about 10 years ago

Er, I take that back. What I described is the way it ought to work. But blog posts are showing up for logged-out users, probably because the blog has been set to Public.

There's probably no way that André can change this from Apache settings.

#5 Updated by local admin about 10 years ago

Couple things:

1. I tested this in production at the time, so this must be new?

2. Can we get JITP post not posted on the home-page instead?

#6 Updated by local admin about 10 years ago

...like can we make the blog not public?

#7 Updated by local admin about 10 years ago

...but yeah, there may be a way to prevent this: Boone, is the call for the JITP blog posts made internally or via the client request?

#8 Updated by local admin about 10 years ago

...meanwhile I removed the htaccess snippet to allow unfettered access to the website.

#9 Updated by Boone Gorges about 10 years ago

  • Assignee changed from local admin to Boone Gorges

Presumably the blog has to remain public, because the whole point of the .htaccess protection was to provide a method, other than Commons membership, of restricting access.

Can we get JITP post not posted on the home-page instead?

This is the solution. I will have to do an ugly hotfix. The site will be offline for a few minutes.

#10 Updated by Boone Gorges about 10 years ago

André, it looks like you might have .htaccess open (I see a swap file owned by root). Can you close out please?

#11 Updated by local admin about 10 years ago

Boone Gorges wrote:

Presumably the blog has to remain public, because the whole point of the .htaccess protection was to provide a method, other than Commons membership, of restricting access.

Got it.

Can we get JITP post not posted on the home-page instead?

This is the solution. I will have to do an ugly hotfix. The site will be offline for a few minutes.

What exactly is getting called from JITP here? What's the URI for the resource in question? I can't seem to locate it either via logs or firebug.

#12 Updated by local admin about 10 years ago

Boone Gorges wrote:

André, it looks like you might have .htaccess open (I see a swap file owned by root). Can you close out please?

You got it.

#13 Updated by local admin about 10 years ago

The CUNY Academic Commons is offline for regularly scheduled maintenance.

Is this really necessary? Can't we just work from dev?

#14 Updated by Boone Gorges about 10 years ago

  • Status changed from Assigned to Reporter Feedback

Is this really necessary? Can't we just work from dev?

Too late.

I've added a function to bp-custom.php (cac_bloc_jitp_activity()) that catches all Activity queries and manually excludes all posts from the JITP groupblog. Here is the clause:

(a.type NOT IN ('new_blog_post', 'new_blog_comment') OR a.component != 'groups' OR a.item_id != 368)

Note that this also prevents group members from seeing activity items related to the blog.

Let me know when it's OK to lift this restriction.

#15 Updated by Matt Gold about 10 years ago

Hi All,

Thanks for your work on this and sorry I missed the ensuing conversation while I was on the subway. Just FYI, I think that a simple switch on the blog's privacy settings, from fully public to public but prevent search engines, would have had the effect of keeping this site's blog posts out of the activity stream and thus off of the homepage.

Nevertheless, thank you so much for working on this so quickly.

Best,

Matt

#16 Updated by Boone Gorges about 10 years ago

  • Status changed from Reporter Feedback to Resolved

I think that a simple switch on the blog's privacy settings, from fully public to public but prevent search engines, would have had the effect of keeping this site's blog posts out of the activity stream and thus off of the homepage.

Not for existing activity items, which were the ones causing problems.

#17 Updated by Matt Gold about 10 years ago

Gotcha. Had I realized the potential for this, I would had them set up privacy differently from the beginning. Live and learn. Thanks for your work on this

#18 Updated by Boone Gorges about 10 years ago

  • Status changed from Resolved to Reporter Feedback
  • Priority name changed from Immediate to Normal
  • Target version changed from Not tracked to 1.3.9

Can I lift the restriction on this, so that JITP items appear in the main activity streams again?

#19 Updated by Matt Gold about 10 years ago

Yes, please. Thank you!

#20 Updated by Boone Gorges about 10 years ago

  • Status changed from Reporter Feedback to Resolved

Also available in: Atom PDF