author | Azul <azul@riseup.net> | 2016-07-05 09:27:35 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2016-07-05 09:27:35 +0200 |
commit | 8666b74ce75856421a87d25452aafaa9301de3fd (patch) | |
tree | 38f4f1b2d54c8c4ff6b1bc07616cadff1271de4b | |
parent | 949e17c7c30c5b179ba6545782ae995178481f78 (diff) | |
parent | bf77b0b1f53753ba239ef8c2668bc76603cd96e5 (diff) |
Merge remote-tracking branch 'pr/225' into develop
Fix install issue and update the documentation
During the rails 4 update db:migrate stopped working because the way couchrest loads all models broke. This includes a fix and also updates the install instructions.
I tried to separate advanced topics in development from the others by marking the sections (advanced) in doc/DEVELOP.md
-rw-r--r-- | README.md | 58 | ||||
-rw-r--r-- | app/models/identity.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | doc/DEPLOY.md | 9 | ||||
-rw-r--r-- | doc/DEVELOP.md | 41 | ||||
-rw-r--r-- | doc/TROUBLESHOOT.md | 14 | ||||
-rw-r--r-- | engines/support/app/models/account_extension/tickets.rb | 13 | ||||
-rw-r--r-- | engines/support/config/initializers/account_lifecycle.rb | 2 | ||||
-rw-r--r-- | engines/support/lib/account_extension/tickets.rb | 15 | ||||
-rw-r--r-- | lib/email.rb (renamed from app/models/email.rb) | 0 | ||||
-rw-r--r-- | lib/local_email.rb (renamed from app/models/local_email.rb) | 1 | ||||
-rw-r--r-- | lib/login_format_validation.rb (renamed from app/models/login_format_validation.rb) | 0 | ||||
-rw-r--r-- | test/unit/email_test.rb | 1 |
13 files changed, 110 insertions, 48 deletions
@@ -46,20 +46,6 @@ External docs: * Overview of the main code repositories * Ideas for discrete, unclaimed development projects that would greatly benefit the LEAP ecosystem. -Known problems ---------------------------- - -* Client certificates are generated without a CSR. The problem is that - this makes the web application extremely vulnerable to denial of - service attacks. This is not an issue unless the provider enables the - possibility of anonymously fetching a client certificate without - authenticating first. - -* By its very nature, the user database is vulnerable to enumeration - attacks. These are very hard to prevent, because our protocol is - designed to allow query of a user database via proxy in order to - provide network perspective. - Installation --------------------------- @@ -69,17 +55,37 @@ these instructions: ### Install system requirements +You'll need git, ruby (2.1.5), couchdb and bundler installed. +On a recent debian based distribution run + sudo apt install git ruby couchdb bundler -Your actual requirements might differ if you are running an older OS that defaults to ruby 1.9. +For other operation systems please lookup the install instructions of these +tools. ### Download source +We host our own git repository. In order to create a local clone run + git clone --recursive git://leap.se/leap_web + cd leap_web + +The repo is mirrored on github and we accept pull requests there: + + https://github.com/leapcode/leap_web + +### Pick branch (development only) + +We use the master branch for the stable version deployed to production. +Development usually happens on the develop branch. So for development you +want to run + + git checkout origin/develop -b develop + +This will create a local branch called develop based on our develop branch. ### Install required ruby libraries - cd leap_web bundle --binstubs Typically, you run ``bundle`` as a normal user and it will ask you for a 
@@ -88,13 +94,13 @@ have sudo, run ``bundle`` as root. ### Installation for development purposes -Please see `doc/DEVELOP.md` for further required steps when installing +Please see `doc/DEVELOP.md` for details about installing leap_web for development purposes. -Configuration +Configuration for Production ---------------------------- -The configuration file `config/defaults.yml` providers good defaults for +The configuration file `config/defaults.yml` provides good defaults for most values. You can override these defaults by creating a file `config/config.yml`. @@ -167,3 +173,17 @@ To run an individual test: or ruby -Itest certs/test/unit/client_certificate_test.rb +Known problems +--------------------------- + +* Client certificates are generated without a CSR. The problem is that + this makes the web application extremely vulnerable to denial of + service attacks. This is not an issue unless the provider enables the + possibility of anonymously fetching a client certificate without + authenticating first. + +* By its very nature, the user database is vulnerable to enumeration + attacks. These are very hard to prevent, because our protocol is + designed to allow query of a user database via proxy in order to + provide network perspective. + diff --git a/app/models/identity.rb b/app/models/identity.rb index f987e4e..92f8f7a 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -1,3 +1,5 @@ +require 'login_format_validation' +require 'local_email' # # Identity states: # diff --git a/app/models/user.rb b/app/models/user.rb index cb093cf..206c0df 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,3 +1,5 @@ +require 'login_format_validation' + class User < CouchRest::Model::Base include LoginFormatValidation diff --git a/doc/DEPLOY.md b/doc/DEPLOY.md index 33d5598..4d59701 100644 --- a/doc/DEPLOY.md +++ b/doc/DEPLOY.md 
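Review bot: The `require 'login_format_validation'` and `require 'local_email'` lines added at the top of app/models/identity.rb sit directly on the file's `# Identity states:` header comment, with no blank line and no word on why a model now needs explicit requires. Judging by their names these files supply the login-format and local-address validation, so a short comment such as `# lives in lib/, which is presumably not autoloaded; required explicitly so the model loads on its own`, followed by a blank line, would keep a later cleanup from dropping them. That reason is inferred from the commit description, so adjust the wording if it is inaccurate. The same applies to the requires added in app/models/user.rb, lib/local_email.rb and engines/support/config/initializers/account_lifecycle.rb. The class bodies lie outside these hunks.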
@@ -1,5 +1,10 @@ # Deployment # +LEAP Web is provisioned and run as part of the overall [LEAP platform](https://leap.se/en/docs/platform). +We strongly recomment using the whole Platform and following its instructions. +If you want to directly deploy the webapp never the less these instructions are +for you. + These instructions are targeting a Debian GNU/Linux system. You might need to change the commands to match your own needs. @@ -10,9 +15,9 @@ change the commands to match your own needs. The following packages need to be installed: * git -* ruby1.9 -* rubygems1.9 +* ruby (2.1.5) * couchdb (if you want to use a local couch) +* bundler ### Setup Capistrano ### diff --git a/doc/DEVELOP.md b/doc/DEVELOP.md index cdd0867..97ecd25 100644 --- a/doc/DEVELOP.md +++ b/doc/DEVELOP.md @@ -1,5 +1,19 @@ # Development # +## Branches + +We use the 'master' branch to hold the version currently deployed to the +production servers. Only hotfixes are applied here. + +Most of development happens based upon the 'develop' branch. So unless +you are investigating a specific issue that occured in production you +probably want to base your changes on 'develop': +``` +git checkout origin/develop -b my-new-feature +``` +This will create a new branch called 'my-new-feature' based on the develop +branch from the origin remote. + ## Setting up the local CouchDB CouchDB operates in Admin Party by default, meaning there are no access 
@@ -7,17 +21,24 @@ control checks. This is handy for local development. However, there is the risk that running tests with Couch in Admin Party yields false results. -You have two options: +We recommend keeping the default CouchDB configuration locally and testing +the more complex setup with access control in Continuous Integration. -1) Use Admin Party and accept the risk -2) Stop Admin Party by creating user accounts & security docs by running the -following script: +Please see .travis.yml for the configuration of our CI runs. - test/travis/setup_couch.sh +In order to prepare you local couch for development run +``` +bin/rake db:rotate +bin/rake db:migrate +``` -### Database configuration +### Customized database configuration (advanced) + +If you want to stop Admin Party mode you need to create user accounts & +security docs. You can use the following script as a guideline: + test/travis/setup_couch.sh -Copy & adapt the default database configuration: +Afterwards copy & adapt the default database configuration: ``` mv config/couchdb.example.yml config/couchdb.yml 
@@ -37,14 +58,14 @@ Some tips on modifying the views: ## Engines ## -Leap Web contains some. They live in their own subdirectory and are included through bundler via their path. This way changes to the engines immediately affect the server as if they were in the main `app` directory. +We use engines to separate optional functionality from the core. They live in their own subdirectory and are included through bundler via their path. This way changes to the engines immediately affect the server as if they were in the main `app` directory. Currently Leap Web includes 2 Engines: * [support](https://github.com/leapcode/leap_web/blob/master/engines/support) - Help ticket management * [billing](https://github.com/leapcode/leap_web/blob/master/engines/billing) - Billing System -## Creating a new engine ## +## Creating a new engine (advanced) ## If you want to add functionality to the webapp but keep it easy to remove you might consider adding an engine. This only makes sense if your engine really is a plugin - so no other pieces of code depend on it. @@ -99,7 +120,7 @@ For example: visit robot_path(@robot, :locale => nil) end -## Debugging +## Debugging Production (advanced) Sometimes bugs only show up when deployed to the live production server. Debugging can be tricky, because the open source mod_passenger does not support debugger. You can't just run diff --git a/doc/TROUBLESHOOT.md b/doc/TROUBLESHOOT.md index f3db006..0e2957d 100644 --- a/doc/TROUBLESHOOT.md +++ b/doc/TROUBLESHOOT.md 
@@ -13,15 +13,19 @@ Here are some less common issues you might run into when installing Leap Web. Make sure bundler is installed. `gem list bundler` should list `bundler`. You also need to be able to access the `bundler` executable in your PATH. -## Outdated version of rubygems ## +## Incompatible ruby version ## -### Error Messages ### +### Detecting the problem ### +The rubyversion we use for development and testing is noted in the file + + .ruby-version -`bundler requires rubygems >= 1.3.6` +It should match what `ruby --version` prints. ### Solution ### -`gem update --system` will install the latest rubygems +Install the matching ruby version. For some operation systems this may require +the use of rbenv or rvm. ## Missing development tools ## @@ -42,5 +46,7 @@ Some gem dependencies might not compile because they lack the needed c libraries ### Solution ### Install the libraries in question including their development files. +Usually the missing library is mentioned in the error message. Searching the +internet for similar errors is a good starting point aswell. diff --git a/engines/support/app/models/account_extension/tickets.rb b/engines/support/app/models/account_extension/tickets.rb deleted file mode 100644 index f38d5fd..0000000 --- a/engines/support/app/models/account_extension/tickets.rb +++ /dev/null @@ -1,13 +0,0 @@ -module AccountExtension::Tickets - extend ActiveSupport::Concern - - def destroy_with_tickets(destroy_identities=false) - Ticket.destroy_all_from(self.user) - destroy_without_tickets(destroy_identities) - end - - included do - alias_method_chain :destroy, :tickets - end - -end diff --git a/engines/support/config/initializers/account_lifecycle.rb b/engines/support/config/initializers/account_lifecycle.rb index d9f04c1..9060757 100644 --- a/engines/support/config/initializers/account_lifecycle.rb +++ b/engines/support/config/initializers/account_lifecycle.rb 
@@ -1,3 +1,5 @@ +require 'account_extension/tickets' + ActiveSupport.on_load(:account) do include AccountExtension::Tickets end diff --git a/engines/support/lib/account_extension/tickets.rb b/engines/support/lib/account_extension/tickets.rb new file mode 100644 index 0000000..63f4873 --- /dev/null +++ b/engines/support/lib/account_extension/tickets.rb @@ -0,0 +1,15 @@ +module AccountExtension + module Tickets + extend ActiveSupport::Concern + + def destroy_with_tickets(destroy_identities=false) + Ticket.destroy_all_from(self.user) + destroy_without_tickets(destroy_identities) + end + + included do + alias_method_chain :destroy, :tickets + end + + end +end diff --git a/app/models/email.rb b/lib/email.rb index 4090275..4090275 100644 --- a/app/models/email.rb +++ b/lib/email.rb diff --git a/app/models/local_email.rb b/lib/local_email.rb index ded7baf..7c592e1 100644 --- a/app/models/local_email.rb +++ b/lib/local_email.rb @@ -1,3 +1,4 @@ +require 'email' class LocalEmail < Email BLACKLIST_FROM_RFC2142 = [ diff --git a/app/models/login_format_validation.rb b/lib/login_format_validation.rb index c1fcf70..c1fcf70 100644 --- a/app/models/login_format_validation.rb +++ b/lib/login_format_validation.rb diff --git a/test/unit/email_test.rb b/test/unit/email_test.rb index e858bd5..739b43e 100644 --- a/test/unit/email_test.rb +++ b/test/unit/email_test.rb @@ -1,4 +1,5 @@ require 'test_helper' +require 'email' class EmailTest < ActiveSupport::TestCase |
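Review bot: `destroy_with_tickets` in the new engines/support/lib/account_extension/tickets.rb is undocumented even though it changes what `destroy` deletes on the class that runs the `:account` load hook (presumably Account). It removes the user's tickets via `Ticket.destroy_all_from(self.user)` and only then calls `destroy_without_tickets`. A comment above it such as `# Wraps destroy: the user's support tickets are removed first, then the account itself.` would make that order explicit, and it is worth stating what should happen if `destroy_without_tickets` fails after the tickets are already gone. Separately, `alias_method_chain` is deprecated from Rails 5 on; `Module#prepend` with `super` is the forward-compatible form, though it would also mean changing the `include` in account_lifecycle.rb to `prepend`.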