Time  Nick            Message
00:09 irmab           hi #koha
01:39 kidclamp        @later tell tcohen I will be in as early as possible but your turn to chair :b
01:39 huginn          kidclamp: The operation succeeded.
06:12 drojf           morning #koha
06:27 * mtj           waves to drojf
06:31 drojf           hi mtj
06:34 * cait          waves
06:35 cait            16.11.04 is out! :)
06:36 drojf           hi cait
06:39 drojf           cait++
06:39 drojf           cait: any weird things i should be looking out for
06:40 drojf           ?
06:40 cait            i hope not
06:40 cait            it's the biggest one so far, but i hope i haven't missed something
06:41 cait            the nightly is green at least
06:41 cait            :)
06:42 drojf           the nightly was also green when postinst was broken in master :P it needs more checks, so far it assumes package built=done
06:42 drojf           but sounds good :)
07:01 LibraryClaire   morning #koha
07:01 drojf           hi LibraryClaire
07:01 LibraryClaire   moin drojf
07:11 reiveune        hello
07:13 LibraryClaire   hi reiveune
07:30 mtj             congrats cait++  - i am working on a 16.05.x release now
07:30 cait            mtj++ :)
07:30 cait            bbia
07:30 cait            b
07:31 drojf           16.11.04 package is out
07:59 magnuse         drojf++
08:00 * magnuse       waves
08:00 magnuse         @wunder enbo
08:00 drojf           hei magnuse
08:00 huginn          magnuse: The current temperature in Bodo, Norway is -7.0°C (8:50 AM CET on February 22, 2017). Conditions: Clear. Humidity: 74%. Dew Point: -11.0°C. Windchill: -16.0°C. Pressure: 28.88 in 978 hPa (Falling).
08:00 drojf           @wunder sxf
08:00 huginn          drojf: The current temperature in Berlin Schoenefeld, Germany is 9.0°C (8:50 AM CET on February 22, 2017). Conditions: Mostly Cloudy. Humidity: 87%. Dew Point: 7.0°C. Pressure: 29.50 in 999 hPa (Steady).
08:00 magnuse         20 cm of fresh powdery snow this morning!
08:01 drojf           magnuse: i am so happy for you
08:01 magnuse         :-)
08:02 drojf           there was supposed to be snow again next week. i have not checked again. i hope not
08:05 drojf           it says 13° for that day now. nice
08:11 drojf           is anyone using koha with vufind?
08:11 liw             @wunder helsinki
08:11 huginn          liw: The current temperature in Helsinki, Finland is -3.0°C (9:50 AM EET on February 22, 2017). Conditions: Mostly Cloudy. Humidity: 74%. Dew Point: -7.0°C. Windchill: -10.0°C. Pressure: 29.36 in 994 hPa (Falling).
08:18 gaetan_B        hello
08:29 Joubu           hi #koha
08:29 LibraryClaire   bonjour Joubu
08:29 LibraryClaire   hi gaetan_B
08:46 cait            drojf++
09:03 magnuse         cait++
09:03 magnuse         gaetan_B: it's skrei-season again!
09:04 gaetan_B        oooh, i guess you'll have to take another serving for me then ! it doesn't seem like i'll make it to Norway this time
09:19 nlegrand        Hello !
09:19 nlegrand        If I have a bug on master that is also affecting 6.11, should I cc 6.11 release maintainers?
09:23 Joubu           it's 11.6, not 6.11 :)
09:23 nlegrand        Joubu: ho right :)
09:23 Joubu           Nope, they watch the "push to master" bug list
09:23 Joubu           so no need to cc them
09:23 nlegrand        not quite awaken yet ^^
09:24 Joubu           nlegrand: what bug is it?
09:24 nlegrand        Bug 18150, very easy one :)
09:24 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18150 normal, P4, ---, koha-bugs, NEW , CanItemBeReserved doesn't work with (IndependentBranches AND ! canreservefromotherbranches)
09:24 nlegrand        patch coming=
09:25 Joubu           and it's 17.5..
09:25 Joubu           well it's year.month, ok? :)
09:25 Joubu           nlegrand: do you plan to submit a patch?
09:25 nlegrand        :)
09:26 nlegrand        Joubu: in a few seconds
09:27 nlegrand        10:23 <@Joubu> it's 11.6, not 6.11 :) <- you meant 16.11 right ? ^^
09:28 * cait          sends coffee :)
09:28 * Joubu         grabs more tea
09:39 eythian         hi
09:39 eythian         @wunder ams
09:39 huginn          eythian: The current temperature in Amsterdam, Netherlands is 10.0°C (10:25 AM CET on February 22, 2017). Conditions: Scattered Clouds. Humidity: 87%. Dew Point: 8.0°C. Pressure: 29.65 in 1004 hPa (Steady).
09:39 eythian         two digits!
09:43 drojf           hi eythian
09:43 eythian         hello drojf
09:46 drojf           @wunder sxf
09:46 huginn          drojf: The current temperature in Berlin Schoenefeld, Germany is 10.0°C (10:20 AM CET on February 22, 2017). Conditions: Light Rain. Humidity: 87%. Dew Point: 8.0°C. Pressure: 29.50 in 999 hPa (Steady).
09:46 drojf           ha
09:47 eythian         you're just copying my weather
09:47 drojf           heh
09:47 drojf           i did a migration error and got light rain though
09:49 eythian         yeah, that was silly
09:49 eythian         that was fixed a few hours ago in my version.
09:50 * drojf         rebases weather
09:50 magnuse         @wunder enbo
09:50 huginn          magnuse: The current temperature in Bodo, Norway is -6.0°C (10:20 AM CET on February 22, 2017). Conditions: Clear. Humidity: 74%. Dew Point: -10.0°C. Windchill: -15.0°C. Pressure: 28.85 in 977 hPa (Falling).
09:51 magnuse         git remote add amsterdam
10:07 LibraryClaire   @wunder konstanz
10:07 huginn          LibraryClaire: The current temperature in Jungerhalde, Konstanz, Germany is 10.5°C (11:06 AM CET on February 22, 2017). Conditions: Overcast. Humidity: 79%. Dew Point: 7.0°C. Pressure: 30.04 in 1017 hPa (Steady).
10:20 eythian         oooh, look at you with your extra 0.5°. Showoff ;)
10:21 LibraryClaire   *flex*
11:17 rsantellan      good morning #koha
11:55 magnuse         @wunder marseille
11:55 huginn          magnuse: Error: No such location could be found.
11:55 magnuse         @wunder marseille, france
11:55 huginn          magnuse: The current temperature in Marseille, France is 16.0°C (12:30 PM CET on February 22, 2017). Conditions: Clear. Humidity: 55%. Dew Point: 7.0°C. Pressure: 30.12 in 1020 hPa (Steady).
11:55 magnuse         whoa!
11:59 drojf           nice
11:59 drojf           magnuse: are you going to the hackfest?
12:02 magnuse         sadly, no
12:02 magnuse         ooh, dev meeting in ~1 hour?
12:03 magnuse         https://wiki.koha-community.org/wiki/Development_IRC_meeting_22_February
12:03 drojf           i keep missing those
12:03 drojf           or not knowing of them
12:04 drojf           somebody should invent a thing where all days are listed and you enter what stuff you want to do
12:04 magnuse         ooh, sounds like a clever idea
12:05 magnuse         you should patent it!
12:05 drojf           then i only need somebody to look at it once in a while and tell me what it says
12:06 magnuse         even better!
12:11 marcelr         hi #koha
12:12 drojf           oh
12:12 drojf           nevermind
12:12 drojf           hi marcelr
12:12 marcelr         hey drojf
12:15 drojf           i get this, any ideas what it means?`http://paste.koha-community.org/323
12:16 drojf           trying to get it working with newer catmandu and stuff
12:17 Joubu           drojf: I did not get this one, but got errors in ES log because I was using Catmandu::Store::ElasticSearch instead of Catmandu::Store::Elasticsearch
12:17 Joubu           S vs s
12:18 drojf           hm yes i think i saw something like that before
12:31 * druthb        waves blearily.
12:31 francharb       good morning all
12:33 * LibraryClaire waves
12:38 oleonard        Hi all
12:39 LibraryClaire   hi oleonard
12:40 druthb          g'morning, oleonard. :)
12:46 eythian         hi oleopard
12:49 LibraryClaire   wahanui?
12:49 LibraryClaire   :O
12:49 drojf           ding dong the bot is dead
12:49 LibraryClaire   I thought it was too quiet
12:49 oleonard        wahanui is having a poolside beer with rangi right now
12:51 drojf           why don't we have a pool bar for meetings?
12:51 * druthb        seconds drofj's idea
12:51 * druthb        pokes at her keyboard, and tries again:  drojf.
12:52 drojf           druthb!
12:52 druthb          drojf!
12:52 drojf           :)
12:52 drojf           now i forgot what i was going to do because pool
12:55 jajm            hi #koha
12:55 marcelr         hi jajm
12:56 jajm            marcelr, i think i'll be able to qa 18070 today :)
12:56 marcelr         ok that would be very nice :)
13:02 marcelr         hey kidclamp
13:02 kidclamp        hi marcelr
13:02 marcelr         are you chairing the meeting?
13:03 kidclamp        if tcohen isn;t here I suppose so
13:03 * LibraryClaire waves
13:03 marcelr         where is tcohen when you need him ;)
13:03 kidclamp        #startmeeting Development IRC meeting 22 February
13:03 huginn          Meeting started Wed Feb 22 13:03:58 2017 UTC.  The chair is kidclamp. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:03 huginn          Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:03 huginn          The meeting name has been set to 'development_irc_meeting_22_february'
13:04 kidclamp        #topic Introductions
13:04 oleonard        [off] Yay I'm actually here for a meeting!
13:04 marcelr         #info Marcel de Rooy, Rijksmuseum
13:04 kidclamp        #info Nick Clemens, ByWater Solutions
13:04 cait            #info Katrin Fischer, BSZ, Germany
13:04 oleonard        #info Owen Leonard, Athens County Public Libraries, USA
13:04 LibraryClaire   #info Claire Gravely, BSZ, Germany
13:04 jajm            #info Julian Maurice, BibLibre, France
13:04 Joubu           #info Jonathan Druart
13:04 drojf           #info Mirko Tietgen, Berlin, Germany
13:05 benjamin        #info Benjamin Rokseth , Oslo, Norway
13:05 kidclamp        #topic Announcements
13:05 marcelr         I have two small 'announcements'
13:06 marcelr         The first is: Three sec patches are still pending: 18010, 18019 in NSO and 18124 in SO.
13:06 d_antonakis     #info Dimitris Antonakis, Athens, Greece
13:06 marcelr         18124 is from Joubu, the other two from me
13:06 marcelr         and second:
13:06 marcelr         On the auth merge front I am hoping for a QA of 18070 from Julian maybe today and I will submit the next patch set 9988 very soon. Will be the last fundamental change to merge in this series. After that some smaller things left.
13:06 kidclamp        #info three security patches need attention: 18010, 18019, 18124
13:07 marcelr         So hope for some feedback then
13:07 kidclamp        #info Authority merge set needs QA on 18070 - is waiting for patch on 9988 (coming soon) and then fundamental changes will be done
13:07 kidclamp        thanks marcelr
13:08 kidclamp        Lets ping khall and see if we have release announcements
13:08 barton          #info Barton Chittenden, BWS, Louisville KY
13:09 kidclamp        skipping 17.05 for now
13:09 kidclamp        #topic Updates from the Release Maintainers
13:09 kidclamp        cait?
13:09 cait            yes?
13:09 cait            ah
13:09 cait            sorry, was looking at the bugs :)
13:09 cait            #info 16.011.04 was reeleased today, it includes 3 enh and 41 bugfixes
13:10 cait            I think we killed a lot of bad bugs with this one, getting it nice and stable
13:10 kidclamp        cait++
13:10 marcelr         cait++
13:10 cait            hope there is not much more to be found :)
13:10 druthb          cait++
13:11 cait            that's it basically
13:11 druthb          #info D Ruth Bavousett, no one of consequence
13:11 cait            i plan to stick to schedule for the next one as well
13:11 cait            that's it from me :)
13:11 kidclamp        any updates jajm or mtj?
13:12 kidclamp        thanks cait
13:12 kidclamp        #topic Updates from the QA team
13:12 kidclamp        no Joubu today?
13:12 Joubu           yep
13:13 barton          [aside] /me notes that druthb *is* of consequence; he uses her scripts often ;-)
13:13 kidclamp        ah, ops list :-)
13:13 jajm            kidclamp, 3.22.17 was released on monday, but nothing special with this release :)
13:13 Joubu           I have things to highglitht, but for next topic
13:13 druthb          [aside] /me thanks barton
13:13 Joubu           I need help to QA patches, nothing new, nothing else...
13:13 kidclamp        #info 3.22.17 was released monday
13:14 kidclamp        #info Keep QAing please and watch the queue doesn't get too big
13:14 marcelr         65 now
13:14 kidclamp        #topic General development discussion (trends, ideas, ...)
13:14 kidclamp        go for it Joubu
13:15 Joubu           So, 5 things to highlight:
13:15 Joubu           1. As we now have marcxml out of bibitems, we need bug 17898, which is really easy to test
13:15 * drojf         queues in line
13:15 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17898 enhancement, P5 - low, ---, jonathan.druart, Needs Signoff , Add a way to automatically convert SQL reports
13:15 Joubu           2. Bug 17961 should be very easy to test and QA, it just adds tests. Please make it move forward quickly
13:15 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17961 enhancement, P5 - low, ---, jonathan.druart, ASSIGNED , TT syntax for notices - Prove we have an equivalent for our historical custom syntax
13:15 * kidclamp      queues behind drojf
13:15 marcelr         still assigned
13:15 Joubu           see deps
13:15 magnuse         #info Magnus Enger, Libriotech, Norway
13:15 Joubu           it's an omnibus
13:15 Joubu           3. bug 16846 is a big one, but should be interesting to get it in. We will manipulate patron object (almost) everywhere
13:15 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16846 enhancement, P5 - low, ---, jonathan.druart, ASSIGNED , Move patron related code to Koha::Patron
13:16 kidclamp        #info please test 17898, convertin greports after marcxml move
13:16 Joubu           still assigned, no patches, too  many deps, but there is a remote branch with evrything on it
13:16 kidclamp        #info bug 17961 adds test, please test and qa
13:16 Joubu           4. Hea has been moved to another server, I will be able to access it to clean the DB and upgrade the code. It would be great to get somebody involves on bug 18066
13:16 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18066 enhancement, P5 - low, ---, jonathan.druart, Needs Signoff , Hea - Version 2
13:16 Joubu           And finally, 5. We need testers from different countries for the onboarding tool ft (bug 17855 and bug 18039). I provided patches for 18039 and will QA 17855. Cannot test 18039
13:16 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17855 enhancement, P5 - low, ---, alexbuckley, Signed Off , Updated Koha web installer and new onboarding tool feature to guide users through setting up Koha
13:16 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18039 enhancement, P5 - low, ---, jonathan.druart, Needs Signoff , Move the mandatory and optional files for non-english languages into 'default' directory so bug 17855 permits use of other languages
13:16 kidclamp        #info bug 16846 move to Koha::Patron - dependency tree needs help
13:16 marcelr         bug 18039
13:17 oleonard        I started to test 18066 Joubu, but ran out of time. I hope to take another crack at it
13:17 cait            i will try to test the german installer for the onboarding tool
13:17 magnuse         oleonard++
13:17 Joubu           Nothing really, I highlight these things in the last 2 "what's on in koha-devel" email, but do not get help
13:17 cait            but bit short of time for the next 2 weeks
13:17 kidclamp        #info bug 17855 and 18039 Onboarding tool needs broad testing from different countries
13:18 LibraryClaire   I can take a look at the 17898
13:18 Joubu           About the lang isntaller, we may need to discuss about removing ru-RU and uk-UA...
13:18 marcelr         they seem unsupported
13:19 marcelr         send a mail to the list?
13:19 marcelr         and remove them?
13:19 marcelr         you can still find them in git, update them and get them back in later
13:19 Joubu           yep
13:20 cait            i think maybe send an email to the translate list
13:20 cait            the translations I think are maintained
13:20 cait            i tmight lack someone comfortable with git
13:20 cait            would not be nice to break it for them - what's he problem?
13:20 cait            coudl we restructure to bring it in line with the other installers?
13:20 Joubu           #info bug 14302 has a patch, to kick GRS-1 related code
13:20 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14302 enhancement, P5 - low, ---, jonathan.druart, Needs Signoff , Remove GRS1 indexing related code
13:21 marcelr         cait: if they are half english, why keep them?
13:21 cait            why not keep them?
13:21 kidclamp        #info discussion on maintenance/removal of ru-RU and uk-UA as they seem unsupported
13:21 marcelr         because no one maintains them
13:21 cait            if there is a bit translated, it's still helping
13:21 cait            i can read a bit of russian
13:21 cait            i can try to take a look
13:22 Joubu           IIRC They were broken for a while, and nobody complained (ok it's not a valid reason)
13:23 Joubu           The other way around is to push the onboarding patches and test the feature after it's in...
13:23 * Joubu         is hidden already
13:23 cait            i can still see you! :)
13:24 marcelr         yeah Joubu: why not dismiss the qa team
13:24 Joubu           Yesterday Alex suggested to push it for English, then push it for other languages
13:24 cait            the problem was that it breaks the ohter languages
13:24 Joubu           to me it's not really acceptable to have a feature for English only
13:24 cait            yeah
13:24 Joubu           nobody will care for others for sure
13:24 cait            so that's a big regression
13:24 cait            maybe we can give it a bit more time?
13:24 Joubu           if can still if else...
13:25 Joubu           we can still if else...
13:25 cait            if else?
13:25 Joubu           if english: onboarding
13:25 Joubu           else: no onboarding
13:25 cait            ah
13:26 cait            it hink we should offer it for all languages
13:26 drojf           for all but english
13:26 cait            as a goal - still time until release
13:26 drojf           sorry
13:26 kidclamp        need a vote or still discussion and waiting? I think maybe we should send something to list
13:26 Joubu           it's on bug 17855 comment 166 (last one)
13:26 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17855 enhancement, P5 - low, ---, alexbuckley, Signed Off , Updated Koha web installer and new onboarding tool feature to guide users through setting up Koha
13:26 cait            can we postpone it till next meeting?
13:26 kidclamp        agreed
13:26 cait            and see if it gets tested until then?
13:26 Joubu           I sent something on the list already...
13:27 kidclamp        indded you did :-)
13:27 Joubu           yes, move on
13:28 kidclamp        drojf?
13:28 drojf           oh
13:28 * drojf         panics
13:28 drojf           i tried to backport/build all packages related to elasticsearch in koha. that includes getting libsearch-elasticsearch-perl into debian, backporting libcatmandu-perl 1.03* from debian unstable, packaging libcatmandu-store-elasticsearch-perl (not in debian yet) and some dependencies
13:28 drojf           i had to change the package dependencies for some of the backports to make them work in debian jessie. i have emailed the maintainer to check if that may have any negative consequences, i don't think it does. they were build dependencies and the build worked anyway
13:28 drojf           i have not uploaded it yet and i wonder if it makes sense to put it in a separate repository first. it could break dev setups and it might be nicer to have a choice
13:29 drojf           i tried a koha + ES setup with it and indexing gave an error. it may or may not have anything to do with the packages. i have not investigated a lot. http://paste.koha-community.org/323
13:29 oleonard        [aside] drojf types fast when he panics
13:29 drojf           i do
13:29 drojf           :D
13:29 kidclamp        #info discussion on onboarding tool - will table to next meeting to decide if push with english first and other langugages as they are tested or how to proceed
13:29 druthb          [aside] /me chuckles
13:30 drojf           that's all from me
13:30 drojf           [aside] aside is the new off?
13:31 oleonard        [off] Testing required.
13:31 kidclamp        #info Mirko is working on packaging ES dependencies but has hit an error or two - investigating as a separeate repository until all wrinkles ironed out
13:31 kidclamp        #link http://paste.koha-community.org/323 Error Mirko encountered
13:31 kidclamp        thanks Joubu drojf
13:32 kidclamp        I just had a quick thing, working on facets a buit with elastic and hit some snags while trying to change language codes into display values
13:32 kidclamp        I wondered if anyone had any thoughts on storing the display values in elastic when indexing as opposed to feteching them from codes when displaying
13:33 Joubu           You do not want to store the display values
13:33 kidclamp        why?
13:33 Joubu           if they change, you will have to reindex everything
13:33 kidclamp        hmm...true
13:33 kidclamp        how often do they change :-)
13:34 eythian         kidclamp: you'll have to deal with multiple languages too
13:34 kidclamp        ah, if they use translations, fair point
13:34 Joubu           They should not change so often, but I do not think it's something to do
13:34 Joubu           It's the same for other AVs
13:35 kidclamp        good points all, thnak you - had only breifly thought so far
13:35 Joubu           kidclamp: do you have a bug number to follow?
13:35 kidclamp        will be followup to bug 17169 to add language facets
13:35 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17169 enhancement, P5 - low, ---, nick, Failed QA , Add facets for ccode to elasticsearch
13:36 kidclamp        but language tables are ugly
13:36 Joubu           yes they are...
13:37 kidclamp        that is all for me
13:37 Joubu           kidclamp: last time I played with that it was for bug 17762
13:37 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17762 enhancement, P5 - low, ---, jonathan.druart, Signed Off , Ability to translate notices
13:37 cait            how would new ones get added?
13:37 cait            i mean, where do you get the descriptons to feed into elastic?
13:37 Joubu           There may be some things to help you
13:37 kidclamp        #info kidclamp will followup 17169 with language facets
13:37 kidclamp        currently they come from language tables cait
13:37 cait            ah
13:37 kidclamp        thanks Joubu
13:38 cait            there was a bug somewhere to move those out of the db
13:38 cait            there is no way for people to add translations there easily and htey are very incomplete
13:38 kidclamp        ah, I briefly remember that
13:38 kidclamp        I don't think we have guidleines to review today
13:38 cait            i thik i'd prefer something that stores the language display text in a translatable file
13:38 Joubu           bug 12017
13:38 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12017 enhancement, P5 - low, ---, bgkriegel, Patch doesn't apply , Move language description out of database
13:39 kidclamp        #info bug 12017 may help with language code/display issues and solve other issues
13:40 kidclamp        next meeting?
13:40 kidclamp        or anyone else for discussion?
13:40 Joubu           tcohen: tooooolate
13:40 kidclamp        tcohen maybe :-b
13:41 marcelr         tcohen: quickly introduce yourself
13:41 tcohen          hi
13:42 tcohen          #info Tomas Cohen Arazi
13:42 * tcohen        is sick today, but here hehe
13:42 druthb          [aside] applauds
13:43 kidclamp        #topic Next meeting
13:43 kidclamp        reviewing survey last meeting we think 19UTC may be better than 20, any opposition or support?
13:43 tcohen          support
13:44 oleonard        support
13:44 marcelr         if we go to 13utc the time after
13:44 LibraryClaire   marcelr they alternate :)
13:44 marcelr         yes
13:44 kidclamp        yes 13 works well for many of us :-)
13:44 marcelr         i know
13:44 khall           ack, missed everything ; )
13:45 kidclamp        heh
13:45 kidclamp        once we set date you can comment khall
13:45 kidclamp        March 8, 19 UTC?
13:45 LibraryClaire   8th March 19 UTC?
13:45 * LibraryClaire is too slow
13:46 kidclamp        LibraryClaire++
13:46 kidclamp        +1
13:47 cait            +1
13:47 oleonard        +1
13:47 Joubu           +1
13:47 barton          +1
13:47 kidclamp        #info Next meeting Wednesday, 8th March 19 UTC
13:47 kidclamp        [aside] before the torrent of downvotes :-D
13:48 kidclamp        #topic Update from the Release manager (17.05)
13:48 kidclamp        khall?
13:48 khall           Nothing too noteworthy to bring up
13:48 khall           Enhanced overdrive integration has been pushed to master!
13:49 kidclamp        #info Overdrive integration pushed
13:49 khall           that's the only big thing I can think of
13:49 * oleonard      is getting an error related to that... Will bring it up after the meeting
13:49 kidclamp        thnaks khall
13:50 kidclamp        last call?
13:50 kidclamp        #endmeeting
13:50 huginn          Meeting ended Wed Feb 22 13:50:35 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
13:50 huginn          Minutes:        http://meetings.koha-community.org/2017/development_irc_meeting_22_february.2017-02-22-13.03.html
13:50 huginn          Minutes (text): http://meetings.koha-community.org/2017/development_irc_meeting_22_february.2017-02-22-13.03.txt
13:50 huginn          Log:            http://meetings.koha-community.org/2017/development_irc_meeting_22_february.2017-02-22-13.03.log.html
13:50 kidclamp        thanks all
13:50 marcelr         thx kidclamp
13:50 LibraryClaire   kidclamp++
13:51 drojf           can anyone tell me what versions of Catmandu and Catmandu::Store::Elasticsearch are used in kohadevbox? (or libcatmandu-perl and libcatmandu-store-elasticsearch-perl, but i think tcohen said they are cpan'd) -- kidclamp or Joubu maybe
13:52 tcohen          drojf: they are cpaned
13:52 Joubu           drojf: are you running the last version of kohadevbox?
13:52 drojf           tcohen: ah yes i typed that before you came in :D so it's the latest version from cpan?
13:52 Joubu           and recreated one fresh box?
13:52 drojf           Joubu: i am not running it at all
13:52 drojf           i just want to know what versions you use :)
13:52 tcohen          if you choose elasticsearch_version: '5.'
13:53 Joubu           ok, so you need Catmandu::Store::ElasticSearch
13:53 Joubu           not minus s[earch]
13:53 Joubu           just what I said before the meeting
13:53 tcohen          vagrant@kohadevbox:tmp$ pmvers Catmandu
13:53 tcohen           1.0305
13:53 tcohen          vagrant@kohadevbox:tmp$ pmvers Catmandu::Store::ElasticSearch
13:53 tcohen           0.0504
13:53 drojf           thanks tcohen that is what i was looking for
13:54 tcohen          kohadevbox uses the packaged ones if elasticsearch_version = 1.x
13:54 tcohen          just saying
13:54 tcohen          not sure what are you trying to do
13:54 oleonard        I'm getting an error in master when logging in to the staff client: "DBIx::Class::Storage::DBI::_dbh_execute(): Unknown column 'me.overdrive_auth_token' in 'field list' at /home/vagrant/kohaclone/Koha/Objects.pm line 83"
13:55 oleonard        Looks like a db update didn't run? I tried running updatedatabase manually and it didn't trigger anything.
13:55 drojf           tcohen: http://irc.koha-community.org/koha/2017-02-22#i_1910250
13:55 drojf           i wanted to know if it is a problem with the version numbers. but the packaged ones are similar
13:55 kidclamp        restart memcached and run update?
13:55 oleonard        Ah good point I didn't try that
13:56 drojf           i use 1.7 though
13:56 drojf           maybe it works with 5.x
13:56 drojf           ES that is
13:56 oleonard        kidclamp++
13:56 * kidclamp      shakes fist at memcached
14:04 tcohen          drojf: could you evaluate packaging Mojo::JWT?
14:09 drojf           tcohen: dpkg-deb: building package `libmojo-jwt-perl' in `../libmojo-jwt-perl_0.05-1_all.deb'
14:09 drojf           seems to work ok
14:09 drojf           no weird dependencies
14:10 drojf           tcohen: for which bug?
14:12 tcohen          @wunder cordoba, argentina
14:12 huginn          tcohen: The current temperature in Cordoba, Argentina is 28.0°C (11:00 AM ART on February 22, 2017). Conditions: Partly Cloudy. Humidity: 70%. Dew Point: 22.0°C. Pressure: 29.95 in 1014 hPa (Steady).
14:13 tcohen          drojf: I haven't filed it yet
14:13 magnuse         @wunder enbo
14:13 huginn          magnuse: The current temperature in Bodo, Norway is -4.0°C (2:50 PM CET on February 22, 2017). Conditions: Mostly Cloudy. Humidity: 64%. Dew Point: -10.0°C. Windchill: -10.0°C. Pressure: 28.80 in 975 hPa (Steady).
14:14 tcohen          but basically adding and authentication endpoint
14:14 tcohen          for third parties to consume our API
14:15 drojf           tcohen: ok. the package seems easy to do. if you choose to use it tell me and i can open a bug at debian
14:15 tcohen          drojf: please do :-D
14:15 drojf           i don't want to maintain stuff that does not go into koha in the end :D so better use it then :P
14:18 tcohen          fair enough
14:20 Joubu           tcohen: What about the *£%ù# jenkins badges?
14:22 Joubu           16.11.x says  Clover Code Coverage - 57.8% method 5212/6417, conditional 8281/20570, statement 27361/43689.
14:22 Joubu           Master says  Clover Code Coverage - 25.3% method 3203/5515, conditional 1329/18644, statement 11371/38665.
14:23 Joubu           sounds weird...
14:23 Joubu           ... and buggy
14:24 druthb          @wunder 77098
14:24 huginn          druthb: The current temperature in Montrose, Houston, Texas is 15.8°C (8:17 AM CST on February 22, 2017). Conditions: Clear. Humidity: 70%. Dew Point: 11.0°C. Pressure: 29.90 in 1012 hPa (Rising).
14:25 drojf           Joubu: you need libtemplate-stash-autoescaping-perl for 13618? or you use a custom version? i am not sure if i understand the bug correctly
14:26 Joubu           drojf: it does not work
14:26 Joubu           the idea was to use a custom version, lighter
14:26 Joubu           ... and buggy
14:26 Joubu           :)
14:26 drojf           ah ok you are removing it. my brain read the patch backwards. lol
14:26 Joubu           I am stuck with this one
14:26 * drojf         blames no coffee
14:30 kellym          heybywater we are training at Hudson County Community
14:30 khall           hi kellym!
14:30 kidclamp        Hi Kellym
14:31 kellym          hi kidclamp
14:31 jzairo          hi kellym
14:31 kivilahtio      ashimema: I understand now why you didn't find the x-koha-authorization in the Swagger-spec such a good idea.  Looking at http://swagger.io/specification/#scopesObject
14:31 kivilahtio      I don't remember seeing this when I first started working with Swagger2
14:32 ashimema        lol
14:32 kivilahtio      ashimema: But looks like tehre is now a standard way of defining what permissions endpoints need and what permissions are available in the API
14:32 ashimema        indeed
14:32 kivilahtio      which is realyl nice
14:32 ashimema        there has been for years mate.. that's what I was trying to get accross ;)
14:32 kivilahtio      really?
14:32 kivilahtio      I might have missed this because I completely tried to avoid any OAuth stuff back then
14:33 ashimema        the oath scopes stuff has been there since I first started working with swagger ;)
14:33 kivilahtio      ashimema: ok
14:33 kivilahtio      ashimema: this is almost 100% what we have in Koha now.
14:33 ashimema        I'm close to having an oath patch.. been fixing the library for the last week
14:33 kivilahtio      ashimema: well. We'll look into replacing x-koha-permission with this
14:33 kivilahtio      ashimema: what exactly does your OAuth2-patch do?
14:34 kivilahtio      ashimema: I am looking into implementing a OAuth2 password-grant flow?
14:34 kivilahtio      a very simplistic version without the authorization server component
14:34 ashimema        it'll do all four flows ;)
14:34 ashimema        and use JWT for transport..
14:34 ashimema        will also allow for revoking of jst's using jti identifiers
14:34 kivilahtio      ashimema: how did you manage to get JWT into OAuth2?
14:35 ashimema        also.. tcohen is working on a first step to jwt auth route in koha's api whilst I'm still bashing this end out
14:35 kivilahtio      ashimema: are you using it as the access_token?
14:35 ashimema        easy.. the library supports it natively.. you just have to be sensible in your callbacks
14:36 ashimema        access and refresh tokens are both jwt (I've not worked out how to do one but not the other)
14:36 kivilahtio      ashimema: according to the spec, if you get the access_token, you must use it in the Authorization: Bearer <JWT>
14:36 tcohen          https://snag.gy/elLOCN.jpg
14:36 ashimema        I would prefer an opaque refresh token I think.. though there's no real justification behind that
14:36 kivilahtio      ashimema: you dont need much info in the refresh token?
14:36 ashimema        yeah.. that's where it goes
14:37 ashimema        nice owkr tcohen :)
14:37 kivilahtio      tcohen: nice work
14:37 kivilahtio      tcohen: your token endpoint is even the same as mine :)
14:37 ashimema        my oauth is still a little way behind this.. working through amendments to the library has been time consuming
14:37 kivilahtio      I have it drawn right here on my sheets
14:37 drojf           tcohen: ok it seems that Mojo::JWT brings a lot of happiness to people ;)
14:38 tcohen          hahah
14:38 * ashimema      would impliment on oauth/token and oauth/authorize endpoints.. so there would be no collisions ;)
14:38 kivilahtio      drojf: I am concerend about how to revoke it
14:38 kivilahtio      ashimema: that is what you must do?
14:38 ashimema        kivi.. you keep a copy of the jti and revoke that
14:38 kivilahtio      ashimema: I speced it to /api/v1/auth as the authorization endpoint
14:38 kivilahtio      ashimema: then /api/v1/auth/token as the token endpoint
14:39 ashimema        what I do is keep a copy of the jti in the db, then short cache that so it's fast to lookup
14:39 kivilahtio      ashimema: what do you mean short-cache?
14:39 kivilahtio      ashimema: in memcached? In Mojo cache?
14:41 kivilahtio      ashimema: tcohen: so is there anything I can do to help you out?
14:42 ashimema        in my case I memcache it and then ensure I destroy that cache when you call revoke
14:42 kivilahtio      I need to implement OAuth2 Password grant
14:42 kivilahtio      ashimema: tcohen: I presume you are using Koha as the authorization server as well as the resource server?
14:42 * ashimema      is currently working on all this.. explaining it is harder than just writing it and showing you ;)
14:42 tcohen          kivilahtio: yes
14:43 tcohen          it is a simple implementation to allow use of the API by third parties
14:43 ashimema        tcohens stuff is a great first step.. my aim is a followup with the rest of the stack
14:43 tcohen          ashimema is working on a proper OAuth2 server implementation using the Mojo plugin
14:43 kivilahtio      tcohen: have you already done the Swagger-spec changes to change x-koha-auth to use the OAuth claims?
14:44 tcohen          kivilahtio: nope, and I won't for now
14:44 kivilahtio      tcohen: maybe we can do that
14:44 ashimema        that will come with oauth
14:44 kivilahtio      ok
14:44 * ashimema      goes back to working on it instead of talking aobut it ;)
14:44 kivilahtio      ok ok
14:44 kivilahtio      ashimema: any idea when you have something to sign off?
14:45 ashimema        weeks not days from now.. at least..
14:46 ashimema        I'm working on oauth from 3 directions at the moment.. implimenting it in a pure mojo app we already have running.. using that for testing and clarifying understanding.. submitting bugfixes upstream to the oauth plugin and net::oath2::server distribution.. and then it'll be the koha piece
14:46 kivilahtio      ashimema: sounds about what I was going to do
14:46 ashimema        koha's got the most moving parts.. so i wanted to make sure I fully understood auth and the plugin before attacking the koha end
14:46 kivilahtio      ashimema: I won't keep you from it then
14:46 kivilahtio      me too
14:46 kivilahtio      it is really confusing
14:47 ashimema        well.. i'm roughly half way through.. so not on the koha bit yet.. writing the oauth lib patches and working with Lee allot at the moment
14:47 kivilahtio      <tcohen> it is a simple implementation to allow use of the API by third parties
14:47 kivilahtio      Doesnät Koha laready have a simple auth implemetnation?
14:48 kivilahtio      tcohen: https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/api/v1/swagger/paths/auth.json#L46
14:48 kivilahtio      hmm
14:48 kivilahtio      tcohen: maybe that never was shared with the community
14:48 tcohen          i think you filed a bug, or was Julian
14:49 kivilahtio      we have been using that simple username + password endpoint to get the CGISESSID via the API
14:49 tcohen          but you made it dependent on a major Auth.pm rewrite
14:49 kivilahtio      ah yeah, now I remember
14:49 kivilahtio      :)
14:50 kivilahtio      tcohen: you can kopypaste our code :)
14:50 kivilahtio      tcohen: actually the problem we have with this endpoint is the IP protection on the CGISESSID
14:51 kivilahtio      the national OPAC has a load balancer which sends requests from a pool of incoming IP-addresses
14:51 kivilahtio      so we need to figure out a way to authenticate securely without locking the session to IP
14:54 tcohen          kivilahtio: you need to use my token-based authentication
14:54 kivilahtio      tcohen: what do you mean?
14:54 kivilahtio      tcohen: where is that
14:55 kivilahtio      tcohen: or do you mean the work-in-progress -one?
14:55 tcohen          that one, yes
14:56 tcohen          i will try to attach it to a bug report, probably tomorrow once I get out of bed
14:56 kivilahtio      nice
14:57 tcohen          it is a small, not-perfect, implementation that allows creating a JWT to be used in a Bearer Authorization header
14:57 kivilahtio      tcohen: is it based on Mojolicious?
14:57 kivilahtio      Mojo::JWT
14:57 kivilahtio      I guess so
14:58 eythian         kivilahtio: what's wrong with using IP affinity on your load balancer?
14:58 pastebot        "tcohen" at pasted "{ "/auth/token": { "post": { "" (48 lines) at http://paste.koha-community.org/324
14:58 eythian         or maybe persistance, but swings/roundabouts
14:58 kivilahtio      tcohen: I was planning on having the API-client authorization as a Authorization: Basic <client apikeydigest>, <end-user crednetials JWT>
14:59 kivilahtio      eythian: their load balancer
14:59 kivilahtio      eythian: I don't know
14:59 eythian         ah right
14:59 kivilahtio      eythian: quite frankly I havenät thought about that
15:00 kivilahtio      tcohen: I think we need to somehow have two credentials in the API request. One from the client, as the Basic-auth, and one from the end-user (Bearer JWT)whose credentials are used by the client
15:01 kivilahtio      tcohen: well I don't really know. That was something I was hoping for.
15:01 kivilahtio      tcohen: This way you can see from the request that there is a client who is using the api with somebody elses credentials
15:01 kivilahtio      I think that is important
15:02 kivilahtio      eythian: I wonder can we use IP affinity on their load balancer?
15:03 tcohen          kivilahtio: i don't follow
15:03 tcohen          not my best day, though
15:03 kivilahtio      tcohen: me neither :)
15:03 eythian         kivilahtio: you'll need to do your own research to see if it suits, but it's a way of avoiding some of the session issues that can happen with load balancing
15:03 kivilahtio      maybe ashimema can comment on requiring both the client API Basic auth and the end-user Bearer JWT
15:04 eythian         https://imgflip.com/i/1k4jiu <-- tcohen
15:04 tcohen          hahaha
15:05 kivilahtio      C4::Search isnt that bad :)
15:05 kivilahtio      I had to tweak it a bit
15:05 kivilahtio      but it takes some years to get used to
15:05 kivilahtio      :)
15:06 tcohen          kivilahtio: my idea is that the API consumer has API credentials it can use through the /auth/token endpoint to get a JWT (generated by Koha) that it will use in further calls to the API as a Bearer in the Authorization header
15:06 kivilahtio      I am fearful that the new Koha::SearchEngine might not be any better in the end. The problem is that you can never get rid of complexity by refactoring. You can only hide it better :)
15:07 kivilahtio      tcohen: are you speaking of the Client credentials grant type?
15:07 tcohen          sort of
15:07 kivilahtio      sort of :)
15:08 tcohen          i mean, i'm implementing that
15:08 kivilahtio      ok
15:08 kivilahtio      tcohen: so you have a explicit strong trust use-case
15:08 tcohen          yes
15:09 kivilahtio      tcohen: I don't want to give the API consumer itself any other permission that to use another users credentials to do stuff
15:09 tcohen          my only problem is that as we have a strong trust use-case, what is the point of such complexity
15:09 kivilahtio      tcohen: well this is just a glorified basic auth with Authorization: Basic API-consumer-id.api_secret
15:10 tcohen          it is
15:10 tcohen          that's why I'm in doubt about it
15:10 kivilahtio      tcohen: I have to agree this OAuth2 is complex
15:10 kivilahtio      tcohen: but if you think of the access_token as the CGISESSID equivalent
15:10 kivilahtio      this doenst look so bad
15:10 kivilahtio      and you upgrade the CGISESSID with JWT
15:11 tcohen          that was the original idea
15:11 kivilahtio      I guess the good thing is that there is a standard w ecan say our API follows
15:11 tcohen          i'm hoping to see ashimema's Oauth2 implementation soon to QA it
15:12 tcohen          in the meantime, we can have /auth/token and /auth/session
15:12 tcohen          if you want ot
15:12 kivilahtio      tcohen: this Client Credentials Grant is just password+username login using the shared secret
15:12 kivilahtio      so it is good to havea formal recognition on it
15:12 kivilahtio      tcohen: I think it would be better to have everything under OAuth2
15:13 kivilahtio      tcohen: because the /auth/session is just a simple version of Resource Owner Password Credentials Grant
15:13 kivilahtio      or is it?
15:14 kivilahtio      hmm. looks like according to RFC6749 that the Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW          is needed
15:14 marcelr         thx jajm++
15:14 kivilahtio      so this would imply that this "Resource Owner Password Credentials Grant" can only be used with a shared api_secret
15:15 kivilahtio      so then it would be different from the plain username+password in /auth/session
15:15 eythian         kivilahtio: that contains a password, if that was a real password, you probably want to be changing it
15:15 kivilahtio      eythian: thanks for the tip
15:15 kivilahtio      https://tools.ietf.org/html/rfc6749#section-4.3.2
15:15 kivilahtio      you can find the password from here :)
15:15 eythian         hah
15:15 eythian         as you were then :)
15:15 kivilahtio      eythian: thank you for the warning tho!
15:16 jajm            marcelr, np, tell me when other authority bugs await QA ;)
15:16 marcelr         cool
15:16 marcelr         i am struggling with 9988
15:16 marcelr         but will be ready soon
15:16 eythian         https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/ <-- while you're looking into oauth, this popped up the other day :)
15:19 kivilahtio      eythian: just what I needed
15:19 kivilahtio      eythian: I was kinda thinking that phew. I am getting things under control
15:19 eythian         happy to help ;)
15:23 tcohen          Joubu: coverage is wrong because the run died due to missing dep (WebService/ILS/OverDrive/Patron.pm
15:23 tcohen          )
15:25 kivilahtio      tcohen: ashimema: How do you intende to register the API consumer (client) in Koha?
15:25 kivilahtio      https://tools.ietf.org/html/rfc6749#section-2
15:25 kivilahtio      I was planing on using the borrowers-table
15:26 kivilahtio      Since there already is the api_key-table with borrowers
15:26 kivilahtio      or atleast that is what jajm created when we were pushing the first patches
15:26 kivilahtio      and I finalzied into somethin nice
15:26 kivilahtio      This way every user in our library can make their own API key from OPAC
15:27 kivilahtio      and start consuming our API with the permissions they have
15:27 kivilahtio      I think this is great!
15:27 kivilahtio      And this is one of the marketing things I use here to sell our API
15:27 kivilahtio      that everyone can write thei own app to interact with Koha
15:27 tcohen          kivilahtio: my plan is to resurrect those patches this week
15:28 tcohen          stripping the Auth refactoring stuff
15:28 tcohen          and have /auth/token use that table
15:28 tcohen          to get the key/secret stuff
15:29 kivilahtio      tcohen: dont hesitate to steal from here
15:29 kivilahtio      https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/opac/opac-apikeys.pl
15:29 tcohen          kivilahtio: yes, that's on the bug, at least some version of it
15:29 kivilahtio      it is important to use the Koha::ApiKeys
15:29 tcohen          you asked what you could help with
15:29 kivilahtio      instead of having all the code in the opac/opac-apikeys.pl
15:29 tcohen          go remove the deps on the rewrite from Koha::ApiKeys
15:30 kivilahtio      tcohen: good idea
15:30 kivilahtio      tcohen: I can port this feature to latest master soon
15:30 tcohen          bug 13920
15:30 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920 new feature, P5 - low, ---, julian.maurice, In Discussion , API authentication system - proposal
15:31 tcohen          and remove the V1.pm changes
15:31 tcohen          just leave the CRUD
15:33 tcohen          hm, it seems we only need to use Julian's patch
15:33 kivilahtio      tcohen: yup
15:34 tcohen          38ºC, better than earlier :-D
15:36 jajm            tcohen, kivilahtio, if you plan to resurrect bug 13920 i should warn you that there were strong opinions against it (iirc the main one was "don't write your own auth system, and use OAuth")
15:36 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920 new feature, P5 - low, ---, julian.maurice, In Discussion , API authentication system - proposal
15:36 kivilahtio      jajm: thanks for the warning
15:36 kivilahtio      jajm: I agreee
15:36 kivilahtio      jajm: Now we are using OAuth :)
15:36 jajm            okay, cool :)
15:37 kivilahtio      jajm: also I think we can get rid of the API key digest algorithm and use basic auth
15:37 kivilahtio      because all traffic is via https
15:37 kivilahtio      so just send the api_key and api_username plaintext in the Authorization-header
15:37 kivilahtio      I guess this is what is intended in the OAuth2 spec
15:38 kivilahtio      ""[17:36:47] <kivilahtio> jajm: Now we are using OAuth :)   ""     I meant we are moving to OAuth, not using it atm
15:41 kivilahtio      jajm: tcohen: what do you think about changing the Swagger2-spec to YAML?
15:41 kivilahtio      It is much much easier to read and edit in YAML
15:42 kivilahtio      https://github.com/KohaSuomi/Hetula/blob/master/Hetula/public/api/v1/swagger/swagger.yaml
15:42 tcohen          if I had time to invest, I'd rather spend it in migrating to OpenAPI
15:43 kivilahtio      tcohen: we are already doing that
15:43 kivilahtio      tcohen: lari has finished the work on the endpoints already pushed to master
15:43 kivilahtio      tcohen: I guess it would have been kinda nice to tell you earlier
15:43 kivilahtio      tcohen: we already have a ton of new endpoints lari has done
15:43 kivilahtio      just check Lari Taskula in bugzilla
15:43 jajm            kivilahtio, i think it's a matter of taste, both formats have pros and cons
15:44 kivilahtio      jajm: So far I have far less issues with YAML than JSON.
15:44 kivilahtio      jajm: but please share your cons of YAML?
15:46 jajm            kivilahtio, what i don't like about yaml is that whitespaces are significant
15:47 tcohen          I like YAML, because it is human-readable
15:47 kivilahtio      jajm: I feel you. I have found out that it is easier to fix whitespace indentation issues than to find missing ending  punctuations
15:47 tcohen          for JSON you better use a tool to edit the files
15:47 kivilahtio      especialyl the neding pucntuations
15:47 kivilahtio      especially the ending punctuations
15:48 kivilahtio      but I remember disliking YAML for the whitespace. But hacing used Ansible quite too much, I kinda learned to love YAML
15:52 jajm            kivilahtio, also i'm never sure about the types, for instance if you write "key: 42", is 42 a string or an int ? "key: true" string or boolean ? maybe i don't like yaml because i don't know it enough, but JSON is simpler :)
15:52 kivilahtio      yeah
15:52 kivilahtio      that was really awkward
16:17 LibraryClaire   laters #koha
16:29 ashimema        there's too much rambling to read back over all of that
16:29 * ashimema      was collecting kids from school
16:29 ashimema        But.. I think from the skim read that OAuth basically solves all over those issues.
16:30 ashimema        please don't add client records to the borrowers table though.. that's a terrible idea
16:30 ashimema        the point is that you need to identify all three parties involved in tansactions
16:30 ashimema        client, resource and owner
16:30 ashimema        Koha is the 'resource'.. or rather all the stuff in it is..
16:31 ashimema        client is whatever system is consuming the api
16:31 ashimema        and finally owner is the 'user' that wants to interact with the resource
16:31 ashimema        you don't need to have two Auhorization headers at all
16:31 ashimema        you need to use an OAuth flow..
16:32 ashimema        for instance.. UserPassword flow as you seem to really like to use as an example
16:33 ashimema        you hit the /token endpoint with the username+password of the 'owner' in the query parameters.. but there's nothing in there stopping you from having the client_name and client_password (i.e. client credentials) in the Authorization header as a BASIC auth..
16:33 ashimema        that way you are doing two auths..
16:34 ashimema        the header is being used to authenticated the 'client' is who it says it is.. and then the query parameters are being used to authenticated the 'owner' (i.e. user) that the client wants to act for.
16:34 ashimema        you need to keep those parties seperate for the sake of sanity..
16:34 ashimema        oh.. and PasswordAuth is the least secure of all methods.. it should only be allowed as a last resort
16:34 ashimema        and... it shouldn't support refresh tokens
16:35 ashimema        I think we should be focusing on implimenting Client Credentials Grant, Implicit Grant and Code Grant flows (but once you've done that it's not hard to also support Password Grant.. though I might suggest we don't for security reasons)
16:36 * oleonard      has nothing to contribute but waves to ashimema
16:36 ashimema        anywho.. the patch will include additional tables for storing clients
16:36 ashimema        hi oleonard
16:36 ashimema        ^ kivilahtio
16:36 ashimema        /,e goes back to cook tea for kids and then will be hacking on OAuth again this evening
16:37 * cait          copies oleonard
16:39 kivilahtio      ashimema: if the password-grant is mixed with the client basic auth. I think that is very secure
16:39 kivilahtio      possibly not as secure as the code-grant since you are redirected to a auth server
16:39 kivilahtio      ashimema: but the password-grant implies that the password is coming from a trusted source
16:40 kivilahtio      ashimema: I agree that it shoulnd't be used in the wild for public access
16:40 kivilahtio      ashimema: I am using it more like in a priviledge escalation manner
16:40 kivilahtio      ashimema: And I am planning to support refresh tokens, otherwise our 3rd party will jsut store our users passwords in their db
16:41 kivilahtio      ashimema: see the link I posted about borrowers-table -> api_keys-table
16:41 kivilahtio      ashimema: https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/opac/opac-apikeys.pl
16:42 kivilahtio      and from tcohen Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920
16:42 huginn          04Bug 13920: new feature, P5 - low, ---, julian.maurice, In Discussion , API authentication system - proposal
16:42 kivilahtio      ashimema: our users must be able to generate their own API-keys
16:42 kivilahtio      ashimema: the SIP2-clients are borrowers-rows, their borrower category is AUTOMAT
16:42 kivilahtio      ashimema: in the same fashion non-human API consumers can be AUTOMAT
16:42 kivilahtio      ashimema: anyway gotta go home
16:42 kivilahtio      wife misses ime
17:15 reiveune        bye
17:19 Guest1381       Project Koha_Master_D8 build #118: UNSTABLE in 1 hr 39 min: https://jenkins.koha-community.org/job/Koha_Master_D8/118/
17:39 gmcharlt        @quote random
17:39 huginn          gmcharlt: Quote #217: "<slef> maybe I should chew their legs off, then use the sharp bony end to kill kittens...?" (added by mtompset at 03:29 PM, September 26, 2012)
17:39 jls             is today a bugfix release date? looked here but no longer seeing the calendar:  https://koha-community.org/about/release-schedule/
17:40 jls             just trying to identify why a new issue has surfaced at a few branch libraries.... thanks.
17:45 cait            jls: yes, 16.11.04 has been released this morning
17:45 cait            I think 16.05 is underway, 3.22 was a few days ago
17:46 jls             yes but I thought there was a bugfix release on the 22nd of each month... We aren't scheduled for 16.11 yet.
17:46 jls             trying to identify why a local issue has popped up today....
17:46 cait            sometimes the date is a bit off
17:46 cait            which version are you on?
17:46 jls             16.05
17:46 jls             thanks
17:47 cait            ah ok, i think mtj mentioned he was workin gon it this morning
17:47 cait            best to watch the mailing list or the koha community website - it will be announced on both
17:47 jls             okay
17:47 cait            https://koha-community.org/news/
17:47 cait            have to leave - by all!
18:00 drojf           bye #koha
20:01 mtompset        Greetings, #koha.
20:01 mtompset        @seen mtj
20:01 huginn          mtompset: mtj was last seen in #koha 12 hours, 31 minutes, and 37 seconds ago: <mtj> congrats cait++  - i am working on a 16.05.x release now
20:06 * druthb        waves to talljoy, just because
20:06 talljoy         hi!!!
20:06 talljoy         how goes things?
20:06 druthb          perking along.  Wedding in 10 days.
20:07 talljoy         oh my gosh
20:07 * magnuse       waves to #koha, just because
20:07 talljoy         are you going to be staying in houston?
20:07 talljoy         or moving to a new love nest/lair somewhere else?
20:07 druthb          He's moved into my Lair.  :)
20:08 talljoy         awesome!
20:08 * druthb        waves to magnuse
20:09 * magnuse       waves to druthb and talljoy
20:09 talljoy         hi magnuse
20:09 magnuse         hiya talljoy
20:11 magnuse         @wunder enbo
20:11 huginn          magnuse: The current temperature in Bodo, Norway is -4.0°C (8:50 PM CET on February 22, 2017). Conditions: Mostly Cloudy. Humidity: 74%. Dew Point: -8.0°C. Windchill: -11.0°C. Pressure: 28.82 in 976 hPa (Rising).
20:16 magnuse         it's rather pretty now, with all the snow
22:20 mtompset        *sigh*
22:20 mtompset        Anyone know why the OverDrive integration into OPAC is giving me an Internal Server Error?
22:21 mtompset        Or more accurately, why is it even trying, when I don't have OverDrive enabled?
22:23 oleonard        mtompset: I'll suggest what kidclamp_away suggested earlier: Restart memecached and run db update manually
22:23 oleonard        That worked for me (kohadevbox)
22:24 mtompset        I'm running this on an oldschool git install, not a kohadevbox.
22:24 mtompset        I have no overdrive variables set.
22:25 mtompset        I suspect this would work if i disabled, but had the variables set.
22:25 mtompset        The problem being, I don't know what values to set the system preferences to.
22:25 mtompset        because I am not subscribes to OverDrive.
22:25 mtompset        ^subscribed
22:25 oleonard        What's the error mtompset?
22:26 mtompset        [Wed Feb 22 17:17:08.480655 2017] [cgi:error] [pid 7045] [client] AH01215: [Wed Feb 22 17:17:08 2017] overdrive: OverDriveClientKey pref not set at /home/mtompset/kohaclone/opac/svc/overdrive line 38., referer: http://library.debiankoha.ca/cgi-bin/koha/opac-user.pl
22:26 mtompset        The URL is totally bogus.
22:27 mtompset        I'm pretty sure the croak causes the internal server error visible in the opac.
22:27 mtompset        Summary tab of opac-user.
22:28 mtompset        slight lag, and then internal server erorr is inserted.
22:29 edveal          mtompset is this happing for all searches in your opac?
22:29 mtompset        and since there is a slight lag, I suspect this is some java script somewhere, but my tracing skills of javascript triggering is poor.
22:29 mtompset        No...
22:29 mtompset        I'm attempting to test bug 18118
22:29 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18118 normal, P5 - low, ---, mtj, Needs Signoff , Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination
22:29 mtompset        which caused me problems.
22:29 edveal          ah ok
22:29 mtompset        so I wrote bug 18144
22:29 huginn          04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18144 normal, P5 - low, ---, mtompset, Needs Signoff , Removal of persona broke openidconnect
22:29 mtompset        so then I applied 18144 and 18118
22:29 mtompset        and tried to log in.
22:30 mtompset        when it puts me on the opac/opac-user.pl page, I get the internal server error as part of the check out data table.
22:30 mtompset        even though I have no overdrive stuff set.
22:30 oleonard        What about in master mtompset?
22:31 mtompset        This is master.
22:32 mtompset        On an oldschool -- NOT kohadevbox -- git install.
22:32 oleonard        You just said you applied patches, so I assumed you were not testing master
22:32 mtompset        OH... sorry, misunserstood.
22:32 mtompset        Let me check.
22:33 mtompset        Same problem on master with a regular log in.
22:35 mtompset        So, if anyone has OverDrive set to work, if you could make note of your settings, set it to blank and turn off overdrive, and allow logins to your OPAC, I'm pretty sure you will see the problem on master.
22:35 phemmy          hello anyone here to help on some technical docmentation pls
22:35 mtompset        phemmy: Perhaps. :) I never promise answers, though I try. :)
22:35 oleonard        I don't get an error when logging in but I get when when searching in the opac. "Internal server error"
22:35 mtompset        Do you have circulation?
22:36 mtompset        I am using a practically empty DB, oleonard.
22:37 mtompset        Fresh install, all sample data, one book imported via z39.50, reindexed, Koha Admin set to superlibrarian and username, password, and primary email address set.
22:38 mtompset        phemmy: That was a kind of yes. What's the technical documentation help you need?
22:38 phemmy          installation on my localserver
22:39 oleonard        Interesting... I get an error when searching in the staff client too
22:40 mtompset        phemmy: what do you mean installation on my local server? How to install Koha on a server?
22:41 phemmy          on my system without internet that is on intranet
22:42 mtompset        And what operating system is this server going to be running?
22:43 mtompset        Is there anything else running on this server?
22:44 phemmy          linux probably
22:44 talljoy         cait do you know what the syspref 504MARC is in 16.11?
22:45 talljoy         what does that relate to?
22:45 cait            504marcß
22:45 cait            ?
22:45 cait            is it really called 504marc? let me check
22:46 talljoy         is it a german thing?
22:46 cait            i am not seeing it in my installation
22:46 talljoy         weird, it's in ours.
22:46 cait            sorry,maybe i am misunderstanding you
22:46 cait            which tab?
22:46 talljoy         sorry not a syspref
22:46 talljoy         it's a authorisedvalue category
22:46 cait            ah
22:46 cait            i don
22:46 * talljoy       is tired = long day
22:46 cait            t think that is standard
22:46 cait            maybe they just added it?
22:47 mtompset        phemmy: Then perhaps https://wiki.koha-community.org/wiki/Koha_on_Debian is what you are looking for.
22:47 cait            not standard
22:47 cait            sorry, my hand is half asleep :)
22:47 talljoy         well if it's not standard, then i'm not going to add it to my migration databases.
22:47 talljoy         if it breaks we'll find out what it's for! ha
22:48 cait            heh
22:48 cait            504 is a note field
22:48 cait            not sure what you coudl authvalue there
22:48 talljoy         jz just found it
22:48 talljoy         bibliography note:  "includes index"  etc
22:49 talljoy         i guess it's just a common note for some catalogers that can be linked to the 504 tag and frameworks.
22:49 cait            yeah - but as you can't mix authvalue and free text entry... not sure how useful
22:49 talljoy         ikr
22:49 cait            do you see where it came from?
22:49 talljoy         jz found it in her database.
22:49 talljoy         and she got a random one from larry.
22:49 talljoy         so it's a mystery.
22:49 talljoy         and a non-sequitur
22:50 cait            hm git grepped master, it's not turning up there
22:51 cait            why did you ask if it was german? :)
22:51 talljoy         we think it was just an old copy of a demo database highlighting the frameworks and ability to tie in to authorised values
22:51 talljoy         oh, probably a typo, but you typed marc504ß
22:51 talljoy         random reference.
22:51 cait            ah
22:51 talljoy         are you going to hackfest cait?
22:52 cait            just because ? and ß are the same key on my keyboard
22:52 talljoy         HA!
22:52 talljoy         another mystery solved!
22:52 cait            not this year I am afraid
22:52 cait            :)
22:53 talljoy         bummer.
22:55 bag             yeah BIG bummer
22:55 bag             or BUMMER (that’s big)
22:55 cait            talljoy: go to the crepes place
22:56 bag             it is a requirement cait
22:56 cait            think of me and order one with salted butter caramel :)
22:56 bag             I’ll be there :)
22:56 talljoy         crepes
22:56 talljoy         mmmmmm
22:57 bag             these are good ones talljoy
22:58 oleonard        talljoy: Raise a glass or 4 to your absent comrades.
22:59 * talljoy       plans to pack the aspirin
22:59 dani            I barely remember the crepes, I think I was going on 24 hours without sleep at that point in Oct
22:59 talljoy         don't go until i get there bag
22:59 oleonard        I *know* I was on 24 hours without sleep.
23:00 bag             talljoy: we’ll go monday night :)
23:01 bag             yeah dani we did a ton in the first 36 hours
23:01 dani            Yeah, I was so proud to have made it to Monday without crashing
23:01 dani            ha
23:01 bag             train tickets I need to buy train tickets
23:01 bag             ok back in a sec
23:02 talljoy         oooo  this is new for 16.11 yes?  Sereal/Encoder.pm
23:03 talljoy         dani you familiar with that?
23:03 talljoy         i can't run updatedatabase.pl without it
23:03 dani            i am not
23:04 bag             talljoy: do you fly home from marseille
23:04 talljoy         mrs to lhs to dfw
23:04 talljoy         with 24 hours in lhr
23:04 talljoy         s/lhs/lhr/
23:04 cait            @wunder lhr
23:04 huginn          cait: The current temperature in London, United Kingdom is 11.0°C (10:50 PM GMT on February 22, 2017). Conditions: Light Rain. Humidity: 94%. Dew Point: 10.0°C. Pressure: 29.68 in 1005 hPa (Steady).
23:04 talljoy         flying out of paris was economically impossible
23:04 cait            aha!
23:05 bag             ok thanks that’s all I needed to know :)
23:18 mtompset        talljoy: Yes, that library is new, as far as I know.
23:21 talljoy         yup getting installed now!
23:25 mtompset        @wunder yyz
23:25 huginn          mtompset: The current temperature in Toronto Pearson, Ontario is 5.0°C (6:00 PM EST on February 22, 2017). Conditions: Overcast. Humidity: 93%. Dew Point: 4.0°C. Windchill: 3.0°C. Pressure: 29.78 in 1008 hPa (Falling).