File Changes for angie

v333_preview2 to v333_base (2016-05-16 to 2016-05-23) v333

• src/hg/hgLogin/hgLogin.c
  • lines changed 77, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
  • lines changed 3, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/hgLogin/hgLogin.h
  • lines changed 1, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
• src/hg/hgSession/hgSession.c
  • lines changed 3, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
• src/hg/inc/autoUpgrade.h
  • lines changed 19, context: html, text, full: html, text
    0cedad8cd900ffc7748341d00d99a589f9d19880 Thu May 19 12:19:44 2016 -0700
    Separated out Galt's autoUpgrade code that robustly attempts to add a column to a table into a new lib module. refs #17336 note-11
    
  • lines changed 2, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/inc/wikiLink.h
  • lines changed 20, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
  • lines changed 4, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/lib/autoUpgrade.c
  • lines changed 107, context: html, text, full: html, text
    0cedad8cd900ffc7748341d00d99a589f9d19880 Thu May 19 12:19:44 2016 -0700
    Separated out Galt's autoUpgrade code that robustly attempts to add a column to a table into a new lib module. refs #17336 note-11
    
• src/hg/lib/cart.c
  • lines changed 5, context: html, text, full: html, text
    ce16fc5a8df55c02029781b267936bde5110264e Mon May 16 12:04:05 2016 -0700
    Oops, cartLoadUserSession is called before cartWriteCookie, so it needs to call loginSystemValidateCookies first.
    refs #17327
    
  • lines changed 4, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
• src/hg/lib/cartDb.c
  • lines changed 135, context: html, text, full: html, text
    0cedad8cd900ffc7748341d00d99a589f9d19880 Thu May 19 12:19:44 2016 -0700
    Separated out Galt's autoUpgrade code that robustly attempts to add a column to a table into a new lib module. refs #17336 note-11
    
• src/hg/lib/gbMemberToken.as
  • lines changed 8, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/lib/gbMemberToken.c
  • lines changed 139, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/lib/gbMemberToken.h
  • lines changed 66, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/lib/gbMemberToken.sql
  • lines changed 14, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/hg/lib/makefile
  • lines changed 1, context: html, text, full: html, text
    0cedad8cd900ffc7748341d00d99a589f9d19880 Thu May 19 12:19:44 2016 -0700
    Separated out Galt's autoUpgrade code that robustly attempts to add a column to a table into a new lib module. refs #17336 note-11
    
• src/hg/lib/wikiLink.c
  • lines changed 10, context: html, text, full: html, text
    46b4e2937954d44c12dcb496a140608316959d21 Mon May 16 13:58:14 2016 -0700
    duh, if loginSystem is not enabled, we cannot use the gbMembers table. refs #17327
    
  • lines changed 223, context: html, text, full: html, text
    185dbcc2ba84d6eb1301163b926ebed3177cd379 Thu May 19 04:42:20 2016 -0700
    Several revisions to login cookie-checking after helpful code review by Max:
    
    Use /dev/urandom instead of srand(clock1000()), duh.
    
    Instead of forming cookie strings in both wikiLink.c and hgLogin.c,
    form them all in wikiLink.c so they're consistent. The wikiLink
    routines now return (possibly empty) slName lists of cookie strings
    to be set.
    
    The login system uses new cookie names that default to a concatentation
    of central.cookie (which needs to have one name per central database,
    like hguid for RR hgcentral and hguid.genome-test for hgcentraltest)
    and either optional new config params login.tokenCookie and
    login.userNameCookie or central.cookie concatenated with hgLoginToken and
    hgLoginUserName (because login uses the central db, so it's different for
    hgwdev vs RR). If those cookies are not set but the wiki cookies are set,
    then we accept the wiki cookie values and send out the new cookies,
    removing the wiki cookies the first time that happens.
    
    The login system no longer depends on any wiki.* hg.conf settings.
    
    refs #17336, #17327
    
  • lines changed 256, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
    
• src/lib/common.c
  • lines changed 3, context: html, text, full: html, text
    ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c Fri May 20 16:17:00 2016 -0700
    New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11