Asked for username and password on project or issue selection

[modules]

On latest redmine and redmine_time_tracker i got a popup asking for username and password after selecting a project or an issue.

"Benutzername und Password eingeben für "Redmine API" bei "https://domain.tld/tt_completer/get_activity.json?key=xxxx&project_id=10"

[jume-dev]

Please provide more information, like where were you selecting a project?

[cforce]

Its the same here .. when i logged time and then wanna book it later as soon as i click into ptoject or issue box, and ajax request to get data for the drop down list is retrieved the browser pop up a http auth form to put in user name and password. @modules do you use http-auth plugin or redmine_webdav plugin or any dav plugin?

[cforce]

btw. i can click cancnel and it works anyway..

[jume-dev]

Did you "Activate "Enable REST web service" in the authentication tab in settings" like it says in the readme?

[cforce]

of course, else it would'nt even worked a little.

[jume-dev]

I cant reproduce this problem, everything works fine here. We tested it with the newest redmine, so it should be fine there. Try to reproduce it in a fresh redmine installation and if it doesnt occur there, it is an issue with your redmine installation.

[rbugajewski]

I have the same issue. I even tried to set the username to the API key from the account settings and a random password, but it still prompted me for a password. Here’s the corresponding log which should shed some light on this issue (I replaced a freshly generated key with MY_KEY):

Started GET "/tt_completer/get_activity.json?key=MY_KEY&project_id=20" for 8.8.8.8 at 2013-09-02 21:13:49 +0200
Processing by TtCompleterController#get_activity as JSON
  Parameters: {"key"=>"MY_KEY", "project_id"=>"20"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 3ms (ActiveRecord: 0.2ms)

At our installation it happens when you want to book some previously logged time and open the project selection menu in the entry’s table row.

[jume-dev]

As my time is limited at the moment, i cant investigate here. So please try it on a fresh redmine installation and see, if it works there.

[rbugajewski]

Today I checked this issue on a BitNami Redmine stack and it wasn’t reproducible. However, I don’t know how this could help to solve this issue for us three guys (and eventually more who don’t participate in this discussion).

If you don’t have enough time to investigate more into this issue, it would be very kind of you if you could at least find a couple of minutes and help us understand what the root of this issue could be.

1. What exactly does get_activity and how does it accomplish it?
2. Do you have any idea why there would be a permission error?
3. Why is the current user anonymous? Shouldn’t it be the currently logged in user?
4. Why is the API key not accepted when we paste it as the username into the authentication dialog (with a random password as stated in the Redmine API documentation)?

If you don’t have enough time, the single best thing would be to search for an active maintainer who at least fixes the couple of existing issues. I would take this role, but I don’t know enough about Ruby and Redmine plugin development to maintain such a code base.

[jume-dev]

Well, as it never occured on my redmine, i assume its something with the redmine configuration. Thats why i asked you to try it somewhere else.

1. get_activity tries to get all available activities for the selected project to display them in the dropdown menu.
2. no, i have absolutly no idea, but i assume it has to do with 3.
3. no idea, maybe here lies the problem.
4. as i never saw this authentification dialog, i dont know where it comes from

As stated, i assume its a problem with your redmine config. maybe compare your configs from the working and from the not working redmine and see, if you can find differences which result in this error

[rbugajewski]

It’s impossible to compare the config of a working installation where you have about 30–40 projects, a handful of users, custom trackers with workflows and different permissions to a vanilla installation where none of these are present.

Could it be that get_activity tries to get all projects, even if the currently logged in user doesn’t have enough permissions to view and modify them all?

Do you have an idea where I could start to try to debug it in code? Is get_activity the right entry point? How can I check in code which permission is requested and why the current user doesn’t have it?

[juanmoyano]

Same error here on the following installation:

Environment:
  Redmine version                2.3.2.stable
  Ruby version                   1.9.3-p0 (2011-10-30) [x86_64-linux]
  Rails version                  3.2.13
  Environment                    production
  Database adapter               Mysql2
Redmine plugins:
  redmine_time_tracker           0.8.0

Here it also happens when you want to book some previously logged time and click on a project in the selection menu in a logged time row.

Started GET "/redmine/tt_completer/get_activity.json?key=<KEY>project_id=14" for 192.168.1.1 at 2013-09-11 12:32:31 -0300
Processing by TtCompleterController#get_activity as JSON
  Parameters: {"key"=>"<KEY>", "project_id"=>"14"}
  Current user: anonymous
Filter chain halted as :check_if_login_required rendered or redirected
Completed 401 Unauthorized in 3ms (ActiveRecord: 0.3ms)

I can see in the logs that all requests are being made with the logged in "Current User:", but when you click on a project, the request is made by "Current user: anonymous", as jume-dev said, maybe here lies the problem.

[jume-dev]

Should be fixed now with @muratsevim addition. Reopen it, if the problem still occurs.