BlenderID support in Phabricator #69300
Labels
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
7 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: blender/blender#69300
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
There are two instances of the integration:
More information needed.
Added subscribers: @dfelinto, @fsiddi, @jesterking
Added subscriber: @TaOuch
i have started to integrate the BlenderID OAuth2 for phabricator. you should be able to see something in the following days
Hi Frederic. Francesco has mentioned someone working on it. Could you give a bit more detail on that and how far you got already?
Good morning Dalai! At the moment I m testing the OAuth2 login communication between Phabricator and Blender ID. It seems to be pretty straight forward as its well implemented on both side. I m actually spending more time setting things up.
In Phabricator, i m simply extending the PhabricatorOAuth2AuthProvider class, which handle all the work.
Right now, as Blender ID require an https return URI, i have to change my local phabricator to https.
Implementing the badge system will required more coding. I have still not had a look at it, thats why the OAuth2 login is a good warm up for me :)
at the moment, I can only work a couple hours a day for Blender.
HI. i have couple of questions
in order to have phabricator running, it needs also arcanist and libphutil. in the git.blender i see only Phabricator. i tried to used arcanist and libphutil from Phacility but then i get a missmatch version. so for now i using the one from Phacility, but what shall i do to make the one from git.blender work?
i get my app authorized by my local blender id. then Phabricator tries to query api/me, but my local blender id throw an error,
AttributeError: 'AnonymousUser' object has no attribute 'roles'
here is an example of the URI
http://id.local:8000/api/me?access_token=dkM1nazOTk2GR57hxCHMgy7XKho9Zb
i get same error in either curl or postman.
from the browser where i m logged it returns a nice JSON
The Phabricator repository indeed doesn't have the arcanist and libphutil as submodule. You need to clone those repositories as per Phabricator installation guide, then checkout the following sha1s:
arcanist: 7329bc7c32b995a7dce0319723857cbdf4f95a91
libphutil: ada64585035e8fbdf5d0dd6abfb6c13e6b160b7d
Installation doc: https://secure.phabricator.com/book/phabricator/article/installation_guide/ (under Installing Required Components)
thanks. it works now
in order to have a new OAuth2 provider in Phabricator, i have to add a class also in lipphutil
'PhutilBlenderIDAuthAdapter' => 'auth/PhutilBlenderIDAuthAdapter.php'
Added subscriber: @Sergey
The custom code is to be places under
src/extensions
folder. We already have custom apps for buildbot and documentation integration.Also, you don't need to manually add phutil library map, use
arc liberate
for this.For the badge system I would imagine we would use existing Phabricator's badges, and some cronjob type of a thing to synchronize those from Blender ID using Conduit API. At least that's what seemed most clean approach when we've looked into this with @fsiddi.
thanks.
src/extensions
works like a charmhere is an implementation of the Login
https://github.com/TaOuch/phabricator-blender-id-oauth-login
Can you submit it here as a differential review (firing a patch against
blender-tweaks
branch ofphabricator.git
repository)?There is some feedback on the code (nothing big from my side, but doing it in code review is more natural).
Francesco told me to create a standalone repo. for me its the same :) i guess check together how to handle this best
otherwise i would like to start thinking about the Badges if you ok. Sergey mentioned the possibility to do a cronjob that will take care of the sync. personally i think this is the good backup solution. but i would better check a solution within Phabricator itself. could easily hook something.
the main question is how often you want the sync to be done? only once a day? or more close to the real time?
after talking with Francesco, and as Sergey mentionned, i gonna do a python script that will query Blender ID and update Phabricator via the Conduit API. it will be triggered via a cronjob
My suggestion is to not over-engineer it. Just update the patch whenever things are ready or there is something new you need to be reviewed.
Specially because different bits of the functionality can be reviewed separately.
While the development would need to be moved to the blender-tweaks branch for the ease of deployment, here is some quick feedback about code:
if (strlen($name)) {
=>if ($name != '')
(avoid calculating length just to see if the string is empty)thanks for the feedback, i have made an update to the repo
for the badge implementation, on Phabricator side:
https://secure.phabricator.com/uiexample/view/PHUIBadgeExample/
So if you want to have for instance the Blender logo instead of their icons, some CSS tricks could be done to rewrite their CSS rules. i guess this is the easiest solution. but its ugly, and weak (as soon as Phabricator would changed their HTML tags / class, the new Blender CSS rules could be lost)
If a proper customisation is needed for the Blender Badge Layout, i guess a new Blender Badge System could be implemented in parallel to their badges system. But i am not sure if its worth it.
I need to retrieve the user phID from their emails, or even better, from the Blender ID user which is also saved inside Phabricator
user_externalaccount
table. but the last one is far beyond Conduit scope.Conduit API let you search users from their username, and thats about it.
I could simply query directly the dB to retrieve the user phID, and then use the Conduit API to create the relation phID badge -> phID user
on the Blender ID side:
A solution would be to retrieve all the valid token directly from the dB (Blender or Phabricator dB) for the selected users, and then use the API to get the badges for each token.
Another solution would be to update the Blender ID API with a new method that will allow to retrieve all badges. For performance, it could be wise also to be able to apply some filter like a list of Blender ID user, or the date (which is not currently save inside the Blender dB)
Added subscriber: @dr.sybren
You cannot pass access tokens on the URL. Use the HTTP Authorization header for this, like
Authorization: Bearer dkM1nazOTk2GR57hxCHMgy7XKho9Zb
.Thanks Sybren.
The token topic has been already solved.
you can find the implementation of the Blender ID login here
https://github.com/TaOuch/phabricator-blender-id-oauth-login
From the tests with @fsiddi.
If you go to the
/settings/user/user/page/external/
page after logging in with Blender ID account the following message is shown:Don't think it's something what is supposed to happen.
P.S. By accident submitted non-final text, sorry.
yes. it should have been corrected on the last push last week ... i gonna fire a patch now on the blender-tweaks branch :)
That'd be great!
As discussed in a chat with Frederic, I have asked @dr.sybren to pick this up and advise Frederic if there are any further questions with the integration. Feel free to discontinue the repo at https://github.com/TaOuch/phabricator-blender-id-oauth-login and start working against
blender-tweaks
. I can give some more feedback about Badges later on.to give some updates:
For instance Conduit API can not search a user per email, nor per login method. and Blender ID API return only the badges associated to the owner of the used Token.
So here, i would recommend to by pass the APIs, and query directly the database. Its definitely the fastest and the cleanest solution.
Please make this a hourly/5-minutely thing, so that the load is spread across the day and not bundled up at one point in time.
So what can the Conduit API do?
Instead of refreshing all badges on a daily basis, wouldn't it be easier to do it every once in a while during the user's browsing session? At that time the user is logged in, so their token is known, and it might be possible to refresh the badge in the background? Just thinking out loud here, I have no experience with Phabricator so I don't know whether this is easy/hard/impossibru.
I strongly disagree here. Having Phabricator connect to the Blender ID database is not a good idea. Not only from an infrastructural standpoint (it creates tight coupling between Blender ID and Phabricator, and makes database migrations impossible) but also from a security standpoint (it contains more data than Phabricator is allowed to access right now). Furthermore, the people at the KDE project also are interested in Blender ID integration with their Phabricator installation. Giving third parties database access doesn't sound like a wise plan to me.
I am not aware of any background processes supported by Phabricator.
From quick look synchronizing badges themselves (as in, Patron, Silver, etc) should already be possible.
For attaching badges to users we can easily add a custom conduit API which will receive a Blender ID and list of badges. It will be then simple to query an actual user and modify its badges.
The Conduit API can search users on
id
,phid
, andusername
, but it never returns any emails.I need to retrieve the Phabricator users who log in via Blender ID. In the Phabricator dB, table
user_externalaccount
, there is a fieldaccountID
which is the user ID from Blender ID. Having this data would be optimal.https://secure.phabricator.com/conduit/method/user.search/
For the badges, Conduit API is enough. I can search a badge from his name, and award user to badge. I do not think i need more.
Yes i agree. But i think @fsiddi was worried about performances, and pointed out having a daily cron job might be less servers intensive.
Yes totally. I think its the right logic. But i havent been able to find a hook in Phabricator for doing that.
I meant that the cron job access directly the dB. It need read only users:
To award the badges, i could then simply use the Conduit API.
Yes, then in this case, having a cron job might not be the best solution.
(i have edited a typo mistake)
Do you have links / docs about synchronising badges?
This is a good idea. I will check it out.
So for the rest of the week, i will further study on:
From the phabricator there is a badge conduit API. For seeing how tow glue Phabricator with Blender ID's badges check on how devtalk does it.
Unfortunately, i am not sure where that code is.
Never do it. Schema does change, and it's out of our control.
Catching issue with changed API when used from a custom Conduit API is way easier to catch.
Hi all.
I think i have some nice progress. I have been able to hook some functions via Phabricator's events system. From there i can query the Blender ID and Conduit APIs. The problem with this solution is that Phabricator says:
The event system is an artifact of a bygone era. Use of the event system is strongly discouraged. We have been removing events since 2013 and will continue to remove events in the future.
https://secure.phabricator.com/book/phabricator/article/events/
But they do not say what are the alternatives. So anyway i m going into this direction as this seem to be the "best" solution i got at the moment. The code that will update the badges should be portable (if well coded :) ) and if later on i find a better place to hook Phabricator, i will be able to easily move it.
I have also made some progress with the understanding of Phabricator's internal structure. Retrieving users datas, access token, and external account are much more clear.
So i hope i ll be able to send a diff patch for the end of the week with the 1st version of the code to sync the Badges.
Hi
I have updated the differential
https://developer.blender.org/D6015
About the Badge updater:
A user Bot has to be created to reward the Badges. For now please give him the username
BotBadge
. Later on i can add a propriety inside the Blender ID Oauth settings to set the Bot usernamePhabricator and Blender ID Badge have a different UI, therefore different properties. For instance in Phabricator we have the Badge quality and Badge icon which can not be picked up from Blender ID. So, the Badges have to be created manually in Phabricator.
The event that handle the update of the Badge
ui.willRenderProperties
, is triggered when the user goes to its Profile. After an update, the timestamp is saved inside the session, which will be checked to be sure no update will be done for the next 24h.There is still couple of things to do. Like revoking Badges from users, saving the Bot username inside the Blender ID Oauth settings, but i would like a feedback before i go further down this road.
Can it be done more like a manual edit is needed? As in, system will create a badge if it's needed and then one can tweak it's icon and what not?
It this how Phabricator works or is it how the patch works?
Yes. This can be done. I will make an update to the patch tomorrow.
Phabricator triggers the event
ui.willRenderProperties
when the user goes to its Profile. Not that its written in the doc, but from my tests its what i found out. If you have the console enabled in Phabricator, there is a tab with the events that are triggered.The Blender ID Badge updater register himself with this event. If this event solution satisfy you, i could try to create a specific Blender ID Badge event.
I have made an update
https://developer.blender.org/D6015
Blender Cloud
orGold Development Fund supporter
.An administrator must then adapt and tweaks the UI of the Badge itself.
I have made an update of the patch
https://developer.blender.org/D6015
It handles now the avatar from Blender ID:
Hi all.
I will upload this week the last updates. The library will handle Badge revocation. I m still doing the last tests to find the last bugs. But otherwise, from my side, i think this is it.
The weak points are:
I did not find a clean way to add icons to the Badges. All icons are defined in the final class
PhabricatorBadgesIconSet
. Then i guess i could rewrite some CSS rules to swap the existing icons for some more customised Blender ID icons. But this is kind of ugly.The event which trigger the Badge updates could be a bit more customised. Right now it listens to the Phabricator event
ui.willRenderProperties
, which happens when the user goes on his profile page. A better way would be to have a Blender ID Badge event, that gets triggered when the user goes to his badges page.I did not find a way to create such an event. The Phabricator class
PhabricatorEventType
can not be extended.I m looking forward to have your feedback.
The new patch is coming in the next days.
I have made an update of the patch
https://developer.blender.org/D6015
It can also revoke Badges from users.
With the move to Gitea, Blender ID is used to login.