From 6b08e8c89d26225786736ad69ba335b275a1a048 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 4 Jul 2016 21:26:46 +0200 Subject: [doc] update install documentation --- README.md | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index b6f3d1b..6d8a504 100644 --- a/README.md +++ b/README.md @@ -46,20 +46,6 @@ External docs: * Overview of the main code repositories * Ideas for discrete, unclaimed development projects that would greatly benefit the LEAP ecosystem. -Known problems ---------------------------- - -* Client certificates are generated without a CSR. The problem is that - this makes the web application extremely vulnerable to denial of - service attacks. This is not an issue unless the provider enables the - possibility of anonymously fetching a client certificate without - authenticating first. - -* By its very nature, the user database is vulnerable to enumeration - attacks. These are very hard to prevent, because our protocol is - designed to allow query of a user database via proxy in order to - provide network perspective. - Installation --------------------------- @@ -69,14 +55,24 @@ these instructions: ### Install system requirements +You'll need git, ruby (2.1.5), couchdb and bundler installed. +On a recent debian based distribution run + sudo apt install git ruby couchdb bundler -Your actual requirements might differ if you are running an older OS that defaults to ruby 1.9. +For other operation systems please lookup the install instructions of these +tools. ### Download source +We host our own git repository. In order to create a local clone run + git clone --recursive git://leap.se/leap_web +The repo is mirrored on github and we accept pull requests there: + + https://github.com/leapcode/leap_web + ### Install required ruby libraries cd leap_web @@ -88,13 +84,13 @@ have sudo, run ``bundle`` as root. ### Installation for development purposes -Please see `doc/DEVELOP.md` for further required steps when installing +Please see `doc/DEVELOP.md` for details about installing leap_web for development purposes. -Configuration +Configuration for Production ---------------------------- -The configuration file `config/defaults.yml` providers good defaults for +The configuration file `config/defaults.yml` provides good defaults for most values. You can override these defaults by creating a file `config/config.yml`. @@ -167,3 +163,17 @@ To run an individual test: or ruby -Itest certs/test/unit/client_certificate_test.rb +Known problems +--------------------------- + +* Client certificates are generated without a CSR. The problem is that + this makes the web application extremely vulnerable to denial of + service attacks. This is not an issue unless the provider enables the + possibility of anonymously fetching a client certificate without + authenticating first. + +* By its very nature, the user database is vulnerable to enumeration + attacks. These are very hard to prevent, because our protocol is + designed to allow query of a user database via proxy in order to + provide network perspective. + -- cgit v1.2.3 From 78d1b0daae8b7d667c8cb5a8da0b1efba029801f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 4 Jul 2016 22:02:05 +0200 Subject: [doc] make sure to mention develop branch in dev docs --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'README.md') diff --git a/README.md b/README.md index 6d8a504..e68c117 100644 --- a/README.md +++ b/README.md @@ -68,14 +68,24 @@ tools. We host our own git repository. In order to create a local clone run git clone --recursive git://leap.se/leap_web + cd leap_web The repo is mirrored on github and we accept pull requests there: https://github.com/leapcode/leap_web +### Pick branch (development only) + +We use the master branch for the stable version deployed to production. +Development usually happens on the develop branch. So for development you +want to run + + git checkout origin/develop -b develop + +This will create a local branch called develop based on our develop branch. + ### Install required ruby libraries - cd leap_web bundle --binstubs Typically, you run ``bundle`` as a normal user and it will ask you for a -- cgit v1.2.3 From 160c3a961943aa996982a8d84403957afef0a459 Mon Sep 17 00:00:00 2001 From: thea Date: Wed, 7 Sep 2016 16:43:39 +0200 Subject: Added documentation to README about twitter authentification and usage of secrets-file --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index e68c117..4d9ca39 100644 --- a/README.md +++ b/README.md @@ -187,3 +187,29 @@ Known problems designed to allow query of a user database via proxy in order to provide network perspective. +Twitter Timeline on Main View +--------------------------- + +This is a feature to include a twitter feed that displays most recent tweets +of a (determined) twitter account (accessed via Twitter API). +If you chose to use it, the feature gets included in `home/index` of +LEAP web app (as part of the main view). + +* Create Twitter Application on https://apps.twitter.com/ + * Visit https://apps.twitter.com/ and log in with the twitter account you want to use + * Make sure you have a mobile phone number registered with your account to be able to proceed + * Choose the option to `Create New App` + * Fill in Application Details and Developer Agreement and `Create your Twitter application` + * Choose the section "Keys and Access Tokens" to get your consumer key and consumer secret + * Optional: Go to section "Permissions" and change the "Access" from `Read and Write` (by default) to `Read only` + * Have your consumer key and secret by hand for one of the next steps + +* Activate the feature within your local LEAP Web Application + * If not already existing create a secrets-file in /config with the name secrets.yml (`/config/secrets.yml`) + * Secrets-file should contain the following, make sure its in YAML: {"development"=> {"twitter"=>{"enabled"=>false, "twitter_handle"=>"", "bearer_token"=>"", "twitter_picture"=>nil}}, "test"=>{"twitter"=>{"enabled"=>false, "twitter_handle"=>"", "bearer_token"=>"", "twitter_picture"=>nil}}} + * To have your bearer token created, run script in terminal being in the file of leap_web: `script/generate_bearer_token` + * To have the script run properly you have to add before running: `--key your_consumerkey --secret your_consumersecret` + * Add also `--projectroot your_projectroot --twitterhandle your_twitterhandle` as well to not have manually put the data in your secrets-file + * The full command looks like this: `script/generate_bearer_token --key your_consumerkey --secret your_consumersecret --projectroot your_projectroot --twitterhandle your_twitterhandle` + * If you didn't give all your information to the script, had a typo or want to change anything else, please do so by finding the secrets-file at `/config/secrets.yml` + * Make sure that the correct twitterhandle and bearer-token is included -- cgit v1.2.3 From 45abd9751e3e7d5428bad81a433b85feae328a04 Mon Sep 17 00:00:00 2001 From: luca-marie Date: Tue, 13 Sep 2016 15:16:20 +0200 Subject: Restructuring README and documentation in doc file --- README.md | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 4d9ca39..923b239 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ The LEAP Web App provides the following functions: * Webfinger access to user’s public keys * Email aliases and forwarding * Localized and Customizable documentation +* Display of status updates from Twitter (access to tweets via Twitter API) Written in: Ruby, Rails. @@ -36,6 +37,7 @@ For more information, see these files in the ``doc`` directory: * DEPLOY -- for notes on deployment. * DEVELOP -- for developer notes. * CUSTOM -- how to customize. +* TWITTER_FEED -- how to use it. External docs: @@ -186,30 +188,3 @@ Known problems attacks. These are very hard to prevent, because our protocol is designed to allow query of a user database via proxy in order to provide network perspective. - -Twitter Timeline on Main View ---------------------------- - -This is a feature to include a twitter feed that displays most recent tweets -of a (determined) twitter account (accessed via Twitter API). -If you chose to use it, the feature gets included in `home/index` of -LEAP web app (as part of the main view). - -* Create Twitter Application on https://apps.twitter.com/ - * Visit https://apps.twitter.com/ and log in with the twitter account you want to use - * Make sure you have a mobile phone number registered with your account to be able to proceed - * Choose the option to `Create New App` - * Fill in Application Details and Developer Agreement and `Create your Twitter application` - * Choose the section "Keys and Access Tokens" to get your consumer key and consumer secret - * Optional: Go to section "Permissions" and change the "Access" from `Read and Write` (by default) to `Read only` - * Have your consumer key and secret by hand for one of the next steps - -* Activate the feature within your local LEAP Web Application - * If not already existing create a secrets-file in /config with the name secrets.yml (`/config/secrets.yml`) - * Secrets-file should contain the following, make sure its in YAML: {"development"=> {"twitter"=>{"enabled"=>false, "twitter_handle"=>"", "bearer_token"=>"", "twitter_picture"=>nil}}, "test"=>{"twitter"=>{"enabled"=>false, "twitter_handle"=>"", "bearer_token"=>"", "twitter_picture"=>nil}}} - * To have your bearer token created, run script in terminal being in the file of leap_web: `script/generate_bearer_token` - * To have the script run properly you have to add before running: `--key your_consumerkey --secret your_consumersecret` - * Add also `--projectroot your_projectroot --twitterhandle your_twitterhandle` as well to not have manually put the data in your secrets-file - * The full command looks like this: `script/generate_bearer_token --key your_consumerkey --secret your_consumersecret --projectroot your_projectroot --twitterhandle your_twitterhandle` - * If you didn't give all your information to the script, had a typo or want to change anything else, please do so by finding the secrets-file at `/config/secrets.yml` - * Make sure that the correct twitterhandle and bearer-token is included -- cgit v1.2.3