Cannot download some arb apps during review

Bug #886366 reported by Luke Faraone on 2011-11-04
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Developer registration portal
Medium
Michael Nelson

Bug Description

I was attempting to review https://myapps.developer.ubuntu.com/dev/apps/192/

When I went to hit the download link of https://myapps.developer.ubuntu.com/site_media/packages/2011/09/UnicodeRewriter-Installer-01.jar , I was redirected a few times and eventually to a page with the title "OpenID Authentication Required" and the text "The server reported an error".

I logged out and logged in to MyApps and still could not download the application.

I'm using Chromium 14.0.835.202 (Developer Build 103287 Linux) Ubuntu 11.10.

STR:
 1) Create an app that is non-arb (ie. has a price or non-oss license), and submit for review
 2) Update the app before it is reviewed so that it is a potential arb app.
 3) Log in as a reviewer, and send the app to ARB
 4) Log in as an ARB reviewer and view the app details
ER: The package upload is in the public area (ie. downloadable by an arb reviewer)
AR: The package upload is still private (authenticated - requiring a non-arb reviewer)

John Pugh (jpugh) wrote :

I've seen this inconsistently, usually you can close the browser tab and start a new one. Trying this download worked for me the first time so the problem is inconsistent. Seems to be a openid/myapps handoff issue?

Andrew Mitchell (ajmitch) wrote :

This problem has been fairly persistent for me, the error message I usually see is "Either you have not been granted access to this resource or your entitlement has timed out. Please try again.". While I've been able to download some apps for review, there are a number where I haven't been able to get at the submitted tarball.

Michael Nelson (michael.nelson) wrote :

Right - for apps that begin their life as a non-arb app, but are later switched, they currently don't have the package upload copied over from private->public. Other apps that are arb from the start (ie. from when the dev initially submits the app) will already have public package uploads.

Let me know if this doesn't fit the scenario you're seeing Andrew and John. I'll put a branch together to fix it now, in the hope that it matches. My one concern is that if a developer uploads something that they want to be private, that a reviewer can potentially send the app to the arb queue, which will make the package upload public.

Changed in developer-portal:
status: New → Confirmed
importance: Undecided → Medium
summary: - Cannot download apps during review
+ Cannot download some arb apps during review
description: updated
Michael Nelson (michael.nelson) wrote :

Related to that concern mentioned in comment #3, rather than making the package upload public, would it be ok to leave it private but ensure it is accessible to arb reviewers when it is an arb app? That would be safer for the moment, IMO, until some decision is made on whether it should always be public once switched to arb (or has that been decided?)

John Pugh (jpugh) wrote :

I believe there are two threads here then. While ARB apps are one thing. I see it on the proprietary app side as well, albeit inconsistently. I think it may affect all apps and possibly related to auth timeouts?

Michael Nelson (michael.nelson) wrote :

@jpugh - Right - yes, your original error message does indeed look like an openid/sso issue - do you see an oops id at all in the response? I'd focused on ajmitch's issue, which is was something different, but something I could actually fix.

We have experienced a number of openid/sso issues lately with our services - I've been logging them at:
https://bugs.launchpad.net/canonical-identity-provider/+bug/873228

and would be keen to be able to find out more details about the issue that you see. In particular, if next time you experience this you can check for an oops id, and if there is non displayed, write down the exact time that you experienced the issue and I'll go through the logs.

Thanks!

John Pugh (jpugh) wrote :

No oops id so I'll log the time and post it next time I run into the issue.

Jonathan Lange (jml) wrote :

Just got the issue then on "Patricia's Quest for Sun"

Michael Nelson (michael.nelson) wrote :

From jpugh:

Just had 404 whilst trying to download a file...
https://myapps.developer.ubuntu.com/site_media/packages/2011/10/JavaTest1.jar

Error msg:
The requested URL /site_media/packages/openid/ was not found on this server.

15 Nov 1729 ET or 2230 GMT

Trying to download the app that corresponds to:
https://myapps.developer.ubuntu.com/dev/apps/279/

The second time I tried I got: The server reported an error

The third time was a success.

Hope that helps some...

Changed in developer-portal:
status: Confirmed → Fix Committed
assignee: nobody → Michael Nelson (michael.nelson)
Luke Faraone (lfaraone) wrote :

For what its worth, this bug is preventing me from doing much ARB review. Only about half the applications I try to download will actually download; the rest encounter this bug :(

On Fri, Dec 2, 2011 at 4:48 PM, Luke Faraone <email address hidden> wrote:
> For what its worth, this bug is preventing me from doing much ARB
> review.  Only about half the applications I try to download will
> actually download; the rest encounter this bug :(

Hi Luke,

Assuming that the reason you can't download them is the one that's
fix-committed (ie. the upload was uploaded to the private area before
the app was marked as arb - which will be the case for most arb apps),
it'll be fixed with the next rollout.

In the mean time, the best I can suggest is that someone with normal
(non-arb) review access (jpugh?) download them all and put them
somewhere private where you can access them.

John Pugh (jpugh) wrote :

I think Luke is running into the same issue I am. He has access, but something in between the openid auth and fetching the file via http is failing preventing access (all I get is "server error").

I think eventually Luke can download, but I don't know if the fix that Anthony submitted fixes the intermittent download issue unrelated to rights.

Luke, you want to confirm your issue (there are two issues discussed in this thread, but I don't know which one was addressed by the fix)?

On Fri, Dec 2, 2011 at 6:26 PM, John Pugh <email address hidden> wrote:
> I think Luke is running into the same issue I am. He has access, but
> something in between the openid auth and fetching the file via http is
> failing preventing access (all I get is "server error").

Hi John - I'm just trying to clear up some confusion on this bug. I
could be missing something, but AFAIK, Luke has access to the ARB part
of the devportal, but he won't (or shouldn't) have access to private
package uploads which are for commercial applications (the ones which
require openid access). Only commercial reviewers should be able to
access those [1], so the fact that Luke was being even asked for any
authentication when downloading a package for an ARB app is the bug
that was fixed here.

>
> I think eventually Luke can download, but I don't know if the fix that
> Anthony submitted fixes the intermittent download issue unrelated to
> rights.

The branch attached to this bug (and the reason it was marked
fix-committed by achuni) fixes an issue where applications that were
switched from commercial->ARB have their packages left in the private
area, and not made available publicly. So when this fix is released,
Luke (and all other ARB reviewers) should be able to download all new
ARB application packages without requiring any authentication. (Note
to achuni: For existing ARB applications, we'll need to run a script
once this fix is released [2])

It doesn't address the openid issue that you experienced (as a person
with commercial access trying to access private package uploads) -
that will require further investigation, and so I've created a
separate bug 900185 for the openid issue (referring back to this one)
so that you and achuni can discuss that.

In the mean time, if luke can currently download any private packages
(as you mentioned above), then please let us know (as something is
mis-configured), but otherwise, it would be great if those ARB apps
that are still private due to the bug could be made available
elsewhere so he's not blocked. I don't have ARB access to devportal,
otherwise I'd do it now. I can help out if given access.

Hope that helps!

[1] https://launchpad.net/~myapps-reviewers/+members
[2] JFTR, basically:
{{{
arb_apps = Application.objects.filter(arb_reviewable=True)
for app in arb_apps:
    app.ensure_access_to_upload()
}}}

Changed in developer-portal:
milestone: none → 11.11
Changed in developer-portal:
status: Fix Committed → Fix Released

Anthony just had the script (from comment 13) run on production just now so all previously created arb apps will now have public packages available for download.

Daniel Holbach (dholbach) wrote :

Yes, confirmed. I couldn't find any that was not downloadable. :-)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers