[hg] galaxy 1671: Server errors thrown when switching between Ga...
details: http://www.bx.psu.edu/hg/galaxy/rev/87f793e3dce5 changeset: 1671:87f793e3dce5 user: Greg Von Kuster <greg@bx.psu.edu> date: Tue Dec 16 10:04:30 2008 -0500 description: Server errors thrown when switching between Galaxy and reports in the same browser was due to the id_secret being different in the Galaxy config and the reports config, so add comments to ensure this is not repeated. 4 file(s) affected in this change: lib/galaxy/config.py lib/galaxy/webapps/reports/config.py reports_wsgi.ini.sample universe_wsgi.ini.sample diffs (79 lines):
diff -r cdb2935dc336 -r 87f793e3dce5 lib/galaxy/config.py
--- a/lib/galaxy/config.py Mon Dec 15 17:04:06 2008 -0500
+++ b/lib/galaxy/config.py Tue Dec 16 10:04:30 2008 -0500
@@ -35,6 +35,9 @@
 self.test_conf = resolve_path( kwargs.get( "test_conf", "" ), self.root )
 self.tool_config = resolve_path( kwargs.get( 'tool_config_file', 'tool_conf.xml' ), self.root )
 self.tool_secret = kwargs.get( "tool_secret", "" )
+ # CRITICAL: the value of id_secret MUST be the same in universe_wsgi.ini and reports_wsgi.ini
+ # or the framework's __ensure_valid_session method will throw exceptions when switching between
+ # Galaxy and the reports in the same browser.
 self.id_secret = kwargs.get( "id_secret", "USING THE DEFAULT IS NOT SECURE!" )
 self.use_remote_user = string_as_bool( kwargs.get( "use_remote_user", "False" ) )
 self.remote_user_maildomain = kwargs.get( "remote_user_maildomain", None )
diff -r cdb2935dc336 -r 87f793e3dce5 lib/galaxy/webapps/reports/config.py
--- a/lib/galaxy/webapps/reports/config.py Mon Dec 15 17:04:06 2008 -0500
+++ b/lib/galaxy/webapps/reports/config.py Tue Dec 16 10:04:30 2008 -0500
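Review bot: The comment added in lib/galaxy/config.py tells operators to keep the two files in step, but the assignment directly below it still falls back to the fixed string "USING THE DEFAULT IS NOT SECURE!" when id_secret is absent. Two configs that both omit the setting therefore agree with each other while running on a value that is published in the source. The comment should say so, for example `# Always set id_secret explicitly; the fallback below is a fixed, public string.` A startup warning when the key is missing from kwargs would make the condition visible in the logs, assuming a logger is in scope, which the hunk does not show. The same applies to the identical comment added in lib/galaxy/webapps/reports/config.py, and the enclosing method starts and ends outside the hunk.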
@@ -25,14 +25,14 @@
 # Where dataset files are stored
 self.file_path = resolve_path( kwargs.get( "file_path", "database/files" ), self.root )
 self.new_file_path = resolve_path( kwargs.get( "new_file_path", "database/tmp" ), self.root )
+ # CRITICAL: the value of id_secret MUST be the same in universe_wsgi.ini and reports_wsgi.ini
+ # or the framework's __ensure_valid_session method will throw exceptions when switching between
+ # Galaxy and the reports in the same browser.
 self.id_secret = kwargs.get( "id_secret", "USING THE DEFAULT IS NOT SECURE!" )
 self.use_remote_user = string_as_bool( kwargs.get( "use_remote_user", "False" ) )
 self.template_path = resolve_path( kwargs.get( "template_path", "templates" ), self.root )
 self.template_cache = resolve_path( kwargs.get( "template_cache_path", "database/reports/compiled_templates" ), self.root )
- self.admin_pass = kwargs.get('admin_pass',"galaxy")
 self.sendmail_path = kwargs.get('sendmail_path',"/usr/sbin/sendmail")
- self.mailing_join_addr = kwargs.get('mailing_join_addr',"galaxy-user-join@bx.psu.edu")
- self.error_email_to = kwargs.get( 'error_email_to', None )
 self.brand = kwargs.get( 'brand', None )
 self.wiki_url = kwargs.get( 'wiki_url', "http://g2.trac.bx.psu.edu/" )
 self.bugs_email = kwargs.get( 'bugs_email', "mailto:galaxy-bugs@bx.psu.edu" )
diff -r cdb2935dc336 -r 87f793e3dce5 reports_wsgi.ini.sample
--- a/reports_wsgi.ini.sample Mon Dec 15 17:04:06 2008 -0500
+++ b/reports_wsgi.ini.sample Tue Dec 16 10:04:30 2008 -0500
@@ -36,15 +36,16 @@
 session_key = galaxysessions
 session_secret = changethisinproduction
+# Galaxy session security
+# The value of id_secret MUST be the same as the value of id_secret in universe_wsgi.ini
+id_secret = changethisinproductiontoo
+
 # Configuration for debugging middleware
 debug = true
 use_lint = false
 # NEVER enable this on a public site (even test or QA)
 # use_interactive = true
-
-# Admin Password
-admin_pass = "galaxy"
 # path to sendmail
 sendmail_path = /usr/sbin/sendmail
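Review bot: Besides the new comment, the lib/galaxy/webapps/reports/config.py hunk removes `self.admin_pass`, `self.mailing_join_addr` and `self.error_email_to`, which the commit description does not mention. Dropping the hard-coded `"galaxy"` admin password default is a welcome change. However, any code in the reports app that still reads these attributes would now fail with AttributeError. That cannot be checked from this hunk, so a search for remaining readers and a sentence in the description recording the removal would help.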
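Review bot: The added `id_secret = changethisinproductiontoo` gives reports_wsgi.ini.sample the same placeholder that universe_wsgi.ini.sample already carries. A site that copies both samples unchanged therefore meets the "MUST be the same" rule with a secret that is published in the repository. The comment should also say that the value has to be replaced, for example `# Replace with a long random value private to this installation, and use that same value in universe_wsgi.ini`. The comment added to universe_wsgi.ini.sample in the last hunk needs the same sentence, pointing at reports_wsgi.ini.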
@@ -58,10 +59,6 @@
 # Profiling middleware (cProfile based)
 ## use_profile = True
-# Mail
-smtp_server = coltrane.bx.psu.edu
-error_email_to = galaxy_bugs@bx.psu.edu
-
 # Use the new iframe / javascript based layout
 use_new_layout = true
diff -r cdb2935dc336 -r 87f793e3dce5 universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample Mon Dec 15 17:04:06 2008 -0500
+++ b/universe_wsgi.ini.sample Tue Dec 16 10:04:30 2008 -0500
@@ -73,6 +73,7 @@
 session_secret = changethisinproduction
 # Galaxy session security
+# The value of id_secret MUST be the same as the value of id_secret in reports_wsgi.ini
 id_secret = changethisinproductiontoo
 # Use user provided in an upstream server's $REMOTE_USER variable