Need to be able to get SVN password from the UI

Bug #528450 reported by David Coles
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
IVLE
Fix Released
Low
Matt Giuca

Bug Description

Since we tutors require access to students SVN repositories for marking, we need a way to give them their SVN hash from the UI.

At the moment the IVLE tour recommends entering the following into a console:

import ivle.config
ivle.config.Config()['user_info']['svn_pass']

While this works, it's just a bit ugly. We have this pretty UI for getting submissions and have to get people to use a magic incantation in the console. Surely this can be improved.

Related branches

Revision history for this message
Matt Giuca (mgiuca) wrote :

1. Display the SVN password in the user settings page (as an immutable field). Potentially even allow users to modify their svn password.
2. On the lecturer submissions view (which gives lecturers the svn co command), display the lecturer's SVN credentials on that page. This would avoid having to get it out of the console.

These are both extremely easy and should be implemented for 1.0.1.

summary: - Need to be able to get SVN hash from the UI
+ Need to be able to get SVN password from the UI
Changed in ivle:
milestone: none → 1.0.1
assignee: nobody → Matt Giuca (mgiuca)
Revision history for this message
Matt Giuca (mgiuca) wrote :

In (1) above, also display the user's SVN URL, so they can check out their personal repository in an external client.

Revision history for this message
Matt Giuca (mgiuca) wrote :

This is a bit of a security risk (for the same reason we typically show ***s in password fields). We don't want someone happening to look over someone else's shoulder and getting their SVN password.

Only show it on the user page (the lecturer submissions page should have a link to that page). And make it display: hidden with a Javascript clicky top open it up.

Thoughts? I'm still concerned that it lets someone who randomly accesses someone's account to get the svn password. For even better security, we should potentially have a separate form where we ask them to enter their IVLE password before displaying the svn password.

Changed in ivle:
status: Triaged → In Progress
Revision history for this message
Matt Giuca (mgiuca) wrote :

Fixed in trunk r1782 and r1785. Additional documentation in subsequent commits.

Changed in ivle:
status: In Progress → Fix Committed
William Grant (wgrant)
Changed in ivle:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers