hicknhack-software / redmine_time_tracker

A time tracker plugin for Redmine

[Bug] API authentication requested #33

Closed cforce closed 11 years ago

cforce commented 11 years ago

If I enter any value in "Please specify your current task", the system asks to API authenticate. I have all rights and the module activated, using Redmine 2.2 and the latest plugin code from today.

cforce commented 11 years ago

This happens as soon as I type anything in (issue id) or comment or any other input field.

cforce commented 11 years ago

Started GET "/tt_completer/get_issue.json?term=1" for 172.25.252.99 at 2013-01-08 16:49:32 +0100
Processing by TtCompleterController#get_issue as JSON
  Parameters: {"term"=>"1"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 3ms (ActiveRecord: 1.2ms)

mstarke commented 11 years ago

As stated before this is a change in the Redmine API. The JSON requests need to be authenticated separately. If you supply your username and password again, everything works as expected.

cforce commented 11 years ago

Hm, this is not very user friendly. Why do you use the REST API if you have plugin access? Ajax? Can you please point me to the discussion in Redmine?

Tx a lot.

creich commented 11 years ago

We use AJAX, but Redmine identifies all requests via JSON as REST API and so it requires the login (only once per session, afaik!). BTW, on my development machine I don't have this problem. Which version of Redmine and TimeTracker are you working with? Which Ruby version do you use? The more information you can give us, the better we can help you.

cforce commented 11 years ago

redmine 2.2. on Webrick, ruby-1.9.3-p327 using master

git.exe pull -v --progress "origin"
From https://github.com/hicknhack-software/redmine_time_tracker
= [up to date] master -> origin/master
= [up to date] 0.1 -> origin/0.1
= [up to date] 0.2 -> origin/0.2
= [up to date] experimental -> origin/experimental
= [up to date] gh-pages -> origin/gh-pages
= [up to date] unit_testing -> origin/unit_testing
Already up-to-date.
Success (2984 ms @ 09.01.2013 11:24:00)


creich commented 11 years ago

Hi, I suddenly found out that I forgot to push my last commit. Please check out the current master (should be tagged as 0.6).

cforce commented 11 years ago

What should change?

I entered the same credentials I am logged in with in Redmine itself, and it asks again and again and again!! But only in the input field in the overview; other editing works without reauth!!

Processing by TtCompleterController#get_issue as JSON
  Parameters: {"term"=>"1"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 48ms (ActiveRecord: 2.4ms)
Started GET "/tt_completer/get_issue.json?term=1" for 172.25.252.99 at 2013-01-09 12:12:09 +0100
Processing by TtCompleterController#get_issue as JSON
  Parameters: {"term"=>"1"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 4ms (ActiveRecord: 1.5ms)
Started GET "/tt_completer/get_issue.json?term=1" for 172.25.252.99 at 2013-01-09 12:12:34 +0100
Processing by TtCompleterController#get_issue as JSON
  Parameters: {"term"=>"1"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 4ms (ActiveRecord: 1.5ms)
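
One way to pull requests like the ones logged above out of a Rails log and count them per endpoint, as an added example that is not part of the thread or of the plugin's code. The sample log, the `jdoe` user, the `192.0.2.10` address and all method names are constructed for illustration.

```ruby
# Added example, not plugin or Redmine code. SAMPLE_LOG is constructed,
# modelled on the log entries quoted in this thread (documentation IP range).
SAMPLE_LOG = <<~LOG
  Started GET "/tt_completer/get_issue.json?term=1" for 192.0.2.10 at 2013-01-09 12:12:09 +0100
  Processing by TtCompleterController#get_issue as JSON
    Parameters: {"term"=>"1"}
    Current user: anonymous
  Filter chain halted as :check_if_login_required rendered or redirected
  Completed 401 Unauthorized in 4ms (ActiveRecord: 1.5ms)
  Started GET "/tt_completer/get_issue.json?term=1" for 192.0.2.10 at 2013-01-09 12:15:40 +0100
  Processing by TtCompleterController#get_issue as JSON
    Current user: jdoe (id=5)
  Completed 200 OK in 12ms (ActiveRecord: 2.0ms)
  Started GET "/issues/1" for 192.0.2.10 at 2013-01-09 12:16:02 +0100
  Processing by IssuesController#show as HTML
    Current user: anonymous
  Completed 302 Found in 3ms (ActiveRecord: 1.0ms)
LOG

Request = Struct.new(:verb, :path, :ip, :format, :user, :halted_by, :status)

# Group log lines into one Request per "Started" line. Assumes entries are not
# interleaved (single-process server such as the WEBrick setup in the thread).
def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /^Started (\w+) "([^"?]+)\S*" for (\S+) at /
      requests << Request.new($1, $2, $3)
    when /^\s*Processing by \S+ as (\S+)/ then requests.last&.format = $1
    when /^\s*Current user: (\S+)/        then requests.last&.user = $1
    when /^\s*Filter chain halted as :(\w+)/ then requests.last&.halted_by = $1
    when /^\s*Completed (\d{3}) /         then requests.last&.status = $1.to_i
    end
  end
  requests
end

# JSON requests that arrived without a recognised user and were answered 401:
# the pattern reported in this thread.
def anonymous_api_rejections(log)
  parse_requests(log).select do |r|
    r.format == "JSON" && r.user == "anonymous" && r.status == 401
  end
end

# Count rejections per endpoint to see which controller actions are affected.
def rejections_by_path(log)
  anonymous_api_rejections(log).group_by(&:path).transform_values(&:size)
end
```

The HTML request by an anonymous user is deliberately not reported: it is redirected to the login page rather than answered with a 401, so it does not trigger the credential prompt.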

creich commented 11 years ago

Have you checked out the current master of the timeTrackerPlugin? As I mentioned above, I forgot to push some changes. Sorry for that. So please check out the current master and check if the problem still exists after that.

And could you please paste the complete information page from Redmine, which can be found under < your_path_to_redmine >/admin/info

creich commented 11 years ago

Found out that you might have the "Authentication required" option enabled within your Redmine settings. So if you disable it, it should work. Meanwhile I will have a look at how to solve this problem.

cforce commented 11 years ago

Yes, I had already checked out your last commit. Switching off "Authentication required" is not acceptable. We want to have it required, because if plugins have bugs it is possible that even anonymous users could have access to data. If "Authentication required" is on, leaks can only be used by users, which is defensible.

Is there no other way than opening to the whole world?

creich commented 11 years ago

As I wrote, I'll try to fix this, but I am not sure that I can accomplish this today. But at least I could now reproduce this error.

cforce commented 11 years ago

Ok, I see. I'll have to wait then. Tx for great support!

creich commented 11 years ago

Ok, I now use API access keys for authentication! So you have to enable "Enable REST web service" in the Redmine settings to get it to work with "require authentication" properly!

Please check out master (also tagged as 0.6.2).

cforce commented 11 years ago

Great! Now it works like a charm. Tx a lot.

Please explain somewhere the difference between time booking and time logging. What is a draft I can only see myself, when is it really part of the time log in my issue, etc. It's not really clear.

mstarke commented 11 years ago

The system uses 3 main concepts:

Tracker - Your current active time
Time log - Logged time that is not assigned to anything
Time Booking - Time that is assigned to a project or directly to an issue

The reasoning behind these three types is that if something is booked, it's billable. If something is just logged, it might not ever be billed, but you can still look up your logs to see what you've done.

The plugin tries to help with creating invoices for customers. Hence the report function to print out a direct time sheet to add to an invoice sent to the customer.