Removing the Gemfile.lock, adding watir to Gemfile (no longer part of the ruby core gems) and running bundle install was needed.
Changed in /service/davaz.com/run the exec line to exec sudo -u apache bundle-300 exec rackup --host 192.168.0.75 -p 8007 --quiet, to enforce IPv4 connections only.
Added src/util/pw_server.rb and test/test_pw_server.rb to replace yus_session, which has only three functions.
To use crypt we need a salt, which is stored in etc/pw_server.salt, respectively in test/pw_server.salt for tests.
The entries for the different users are stored in etc/pw_server.passwords, respectively in test/pw_server.passwords for tests. We assume that these files will not be readable via the Web!
To ease setting up, I created the utility bin/generate_passwd_entry, which helps adding a new user. Here is the extract for a setup:
    niklaus@oddb-ci2 ~/g/davaz.com> bundle exec bin/generate_passwd_entry
    Missing password file /home/niklaus/git/davaz.com/etc/pw_server.passwords
    niklaus@oddb-ci2 ~/g/davaz.com> touch /home/niklaus/git/davaz.com/etc/pw_server.passwords
    niklaus@oddb-ci2 ~/g/davaz.com> bundle exec bin/generate_passwd_entry
    Missing salt file /home/niklaus/git/davaz.com/etc/pw_server.salt
    niklaus@oddb-ci2 ~/g/davaz.com> echo "Salting" > /home/niklaus/git/davaz.com/etc/pw_server.salt
    niklaus@oddb-ci2 ~/g/davaz.com> bundle exec bin/generate_passwd_entry
    bin/generate_passwd_entry must be called with: email password
    niklaus@oddb-ci2 ~/g/davaz.com> bundle exec bin/generate_passwd_entry test_user test_password
    ---
    - !ruby/struct:PwServer::PwEntry
      mail: test_user
      password: SaEuPAWap5SoM
      token: 6345363139588877522
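Added example, not code from the davaz.com repository: with one salt file shared by every entry, two users who pick the same password end up with the same stored hash. The sketch below contrasts that with a per-user random salt, a constant-time check, and a permission test for the password file. PBKDF2 via OpenSSL stands in for crypt here, and the names SafeEntry, ITERATIONS, derive, make_entry, verify and private_file? are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Hypothetical entry layout (not the project's PwServer::PwEntry):
# each user carries its own salt next to the derived digest.
SafeEntry = Struct.new(:mail, :salt, :digest)

ITERATIONS = 200_000 # assumed work factor, tune for your hardware

# Derive a 32-byte digest; PBKDF2-HMAC-SHA256 stands in for crypt.
def derive(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                     length: 32, hash: "sha256")
end

# Create an entry with a fresh random 16-byte salt per user.
def make_entry(mail, password)
  salt = SecureRandom.random_bytes(16)
  SafeEntry.new(mail, salt, derive(password, salt))
end

# Constant-time comparison avoids leaking how many bytes matched.
def verify(entry, password)
  OpenSSL.secure_compare(entry.digest, derive(password, entry.salt))
end

# True when the file grants no permissions to group or others.
def private_file?(path)
  (File.stat(path).mode & 0o077).zero?
end

if __FILE__ == $PROGRAM_NAME
  shared = "Salting" # constructed sample: one salt for all users
  same = derive("test_password", shared) == derive("test_password", shared)
  puts "shared salt, same password -> same hash: #{same}"
  a = make_entry("user_a", "test_password") # constructed sample users
  b = make_entry("user_b", "test_password")
  puts "per-user salt, same password -> same hash: #{a.digest == b.digest}"
  puts "verify good: #{verify(a, 'test_password')}, bad: #{verify(a, 'wrong')}"
end
```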
Pushed commit Remove yus. Add pw_server.
After pulling the changes into /var/www/davaz.com and calling bundle install the server can be restarted. However I am still unable to log in. Why?
When looking at the web console in my Firefox I see the following warnings:
    Das Cookie "davaz.com-preferences" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. work
    Das Cookie "_session_id" wird in Zukunft bald abgelehnt werden, da es für das Attribut "SameSite" entweder "None" oder einen ungültigen Wert angibt, ohne das "secure"-Attribut zu verwenden. Weitere Informationen zum "SameSite"-Attribut finden Sie unter https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. work
    Synchrone XMLHttpRequests am Haupt-Thread sollte nicht mehr verwendet werden, weil es nachteilige Effekte für das Erlebnis der Endbenutzer hat. Für weitere Hilfe siehe http://xhr.spec.whatwg.org/ dojo.js:15:2965
    Diese Seite verwendet die nicht standardisierte Eigenschaft "zoom". Stattdessen sollte calc() in den entsprechenden Eigenschaftswerten oder "transform" zusammen mit "transform-origin: 0 0" verwendet werden. work
    Quellübergreifende (Cross-Origin) Anfrage blockiert: Die Gleiche-Quelle-Regel verbietet das Lesen der externen Ressource auf http://192.168.0.75/en/admin/login_form/. (Grund: CORS-Kopfzeile 'Access-Control-Allow-Origin' fehlt).
    Quellübergreifende (Cross-Origin) Anfrage blockiert: Die Gleiche-Quelle-Regel verbietet das Lesen der externen Ressource auf http://192.168.0.75/en/admin/login_form/. (Grund: CORS-Anfrage schlug fehl).
Looking at the web browser network analyser tab I found that login.html was not fetched via port 8009 as the other pages. Found the culprit and fixed it via commit Remove yus. Add pw_server.
Login/logout still did not work, as the methods valid? and allowed? were missing from the yus-session. Also, a not-logged-in session now defaults to the false class and we had to adapt a few places for this.
The fixes were pushed via Fix redirect for login.
Now login and logout work with both a valid and an invalid user. Was unable to make the chromebrowser and google-chrome-stable work with rake test. Abandoned after trying for about half an hour.
Had to update the odba and ydbi gem to remove forced dependencies on pg. Updated the readme about generating password file.
On fastpower pulled the changes as user bbmb. Then installed the gem like this:
    cd /var/www/new.davaz.com
    sudo rm -rf vendor/ruby/3.0.0/
    sudo -u bbmb bundle-300 config set --local path vendor
    sudo -u bbmb bundle-300 install
    <...>
    /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.1/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lnsl
This command fails. Looks like a library is missing.
But editing the page /en/personal/life is still not possible. Stack-Trace is
    NoMethodError: undefined method `generate_token' for #<struct PwServer::PwEntry mail="test_user", password="SaEuPAWap5SoM", token=8051873048666841245>
    /var/www/davaz.com/src/util/session.rb:94:in `login'
    /var/www/davaz.com/src/state/_partial/login.rb:8:in `login'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/state.rb:198:in `_trigger'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/state.rb:187:in `trigger'
    /var/www/davaz.com/src/state/global.rb:113:in `trigger'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/session.rb:256:in `block in process_rack'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/session.rb:209:in `synchronize'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/session.rb:209:in `process_rack'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/sbsm-1.6.0/lib/sbsm/app.rb:126:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/lint.rb:50:in `_call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/lint.rb:38:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/show_exceptions.rb:23:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/content_length.rb:17:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/static.rb:161:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/common_logger.rb:38:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/lint.rb:50:in `_call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/lint.rb:38:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/show_exceptions.rb:23:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/common_logger.rb:38:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/content_length.rb:17:in `call'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/rack-2.2.3/lib/rack/handler/webrick.rb:95:in `service'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:140:in `service'
    /var/www/davaz.com/vendor/ruby240/ruby/3.0.0/gems/webrick-1.7.0/lib/webrick/httpserver.rb:96:in `run'