[20:43:49] | * Edelbrock has joined #farmos |
[20:44:00] | * Edelbrock has left #farmos () |
[23:06:10] | <paul121[m]> | > I ask because we are hoping to implement OAuth2 in farmOS in the future |
[23:06:10] | <paul121[m]> | I was going to start looking into this !! Haha |
[01:53:05] | * JustTB has joined #farmos |
[02:04:38] | * JustTB has quit (Ping timeout: 245 seconds) |
[04:03:19] | <skipper_is[m]> | It is included... The logon form gives you a cookie, you get your token, and use cookie and token for everything else on the future http://www.bubblecode.net/wp-content/uploads/2013/03/auth_code_flow.png |
[04:04:46] | <skipper_is[m]> | Well, a version of OAuth2, there is no refresh token, but works pretty much the same.. |
[04:29:38] | <skipper_is[m]> | Bearer Authentication is probably more accurate |
[05:13:18] | * JustTB has joined #farmos |
[05:39:07] | <skipper_is[m]> | ....Requests still work without the bearer token?! |
[06:39:09] | * JustTB has quit (Quit: Leaving.) |
[06:54:23] | * JustTB has joined #farmos |
[07:11:42] | * JustTB has quit (Ping timeout: 245 seconds) |
[07:42:10] | <mstenta[m]> | Ah gotcha. Yea what we have now is not the same as OAuth2 |
[07:42:43] | <mstenta[m]> | The token is mainly for preventing cross site request forgery |
[07:43:38] | <mstenta[m]> | If you've ever used one of GitHub's integration features, where you grant access to your GitHub account from other applications, that's OAuth |
[07:44:05] | <mstenta[m]> | It's a way to authenticate *without* the other application needing to know your account's password |
[07:44:41] | <mstenta[m]> | So you can potentially revoke access to a specific app without changing your password (which would revoke access to all apps) |
[07:45:54] | <mstenta[m]> | This is the to-do for adding OAuth2 to farmOS: https://www.drupal.org/project/farm/issues/3034214 |
[08:45:50] | <skipper_is[m]> | So /restws/session/token is actually useless? |
[08:46:35] | <mstenta[m]> | Not useless - it's necessary to get the CSRF token, which is required in order to make requests to the JSON endpoints |
[08:47:09] | <skipper_is[m]> | I've just sent a get request, with only the cookie received from user/login, and it worked |
[08:47:19] | <mstenta[m]> | To what endpoint? |
[08:47:30] | <skipper_is[m]> | farm_asset.json?type=animal |
[08:47:36] | <mstenta[m]> | Oh it might only be required for PUT/POST requests... I forget |
[08:47:41] | <skipper_is[m]> | aH OK |
[08:47:45] | <skipper_is[m]> | Oh caps lock |
[08:47:48] | <skipper_is[m]> | I'll try a psot |
[08:47:51] | <skipper_is[m]> | *post |
[08:48:09] | <skipper_is[m]> | 403 Access Denied: CSRF validation failed |
[08:48:09] | <skipper_is[m]> | Yea, get works with just cookie |
[08:48:27] | <mstenta[m]> | Cool that makes sense |
[08:48:59] | <mstenta[m]> | FYI all of that is handled by this add-on Drupal module: https://drupal.org/project/restws |
[08:49:01] | <skipper_is[m]> | I guess... Shouldn't they both be as secure? |
[08:51:24] | <mstenta[m]> | That module basically just asks Drupal "what entity types do you provide?" and then adds JSON/XML endpoints for each |
[08:51:32] | <mstenta[m]> | And it provides the token endpoint |
[08:52:00] | <mstenta[m]> | > I guess... Shouldn't they both be as secure? |
[08:52:00] | <mstenta[m]> | Well it's primarily a protection against CSRF |
[08:52:07] | <mstenta[m]> | https://en.wikipedia.org/wiki/Cross-site_request_forgery |
[08:52:23] | <mstenta[m]> | And GET requests aren't really a risk in that regard |
[08:52:49] | <mstenta[m]> | If you want to prevent reading from the server, then you use access control, not CSRF tokens |
[08:54:02] | <mstenta[m]> | a CSRF attack would be about trying to hijack a user's open session and using it to make changes on the server (POST/PUT) |
[08:55:25] | <mstenta[m]> | > At risk are web applications that perform actions based on input from trusted and authenticated users without requiring the user to authorize the specific action. A user who is authenticated by a cookie saved in the user's web browser could unknowingly send an HTTP request to a site that trusts the user and thereby causes an unwanted action. |
[08:55:53] | <mstenta[m]> | > In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. |
[08:56:18] | <mstenta[m]> | > Because of this assumption, many existing CSRF prevention mechanisms in web frameworks will not cover GET requests, but rather apply the protection only to HTTP methods that are intended to be state-changing. |
[09:00:15] | <skipper_is[m]> | 'self' : _parse_api_page(url=response['self']), |
[09:00:22] | <skipper_is[m]> | Is this just returning the url? |
[09:03:57] | <skipper_is[m]> | Oh, nvm, it is getting the page number from the url |
[09:31:50] | <mstenta[m]> | Where is that? |
[09:32:10] | <mstenta[m]> | Oh in farmOS.py? |
[09:38:34] | <skipper_is[m]> | Yea, got it :) |
[09:40:14] | <skipper_is[m]> | There is no urlparse or parse_qs in micropython |
[09:54:29] | * JustTB has joined #farmos |
[10:09:23] | <mstenta[m]> | skipper_is: saw your "death log" feature request... will reply in more detail when i can |
[10:09:34] | <mstenta[m]> | there has been some thought around that... |
[10:24:37] | <skipper_is[m]> | Ok......sounds ominous |
[10:25:49] | <mstenta[m]> | Haha |
[10:38:47] | * JustTB has quit (Ping timeout: 245 seconds) |
[14:28:01] | <mstenta[m]> | skipper_is: I discovered an issue with the patch I made to the Entity API module |
[14:28:03] | <mstenta[m]> | https://www.drupal.org/project/entity/issues/3076175#comment-13230604 |
[14:28:23] | <mstenta[m]> | The change you made manually may cause issues |
[14:28:44] | <mstenta[m]> | Or it may not |
[14:28:44] | <mstenta[m]> | But I'd recommend undoing it and applying the new patch if you can |
[15:14:21] | <mstenta[m]> | skipper_is: I may need to roll back that patch until I have more time to investigate |
[15:14:30] | <mstenta[m]> | You can probably keep the snippet in there that you added for now |
[16:05:17] | <skipper_is[m]> | Currently the other fix didn't seem to be causing any obvious issues.. So I'll leave it for now... |
[16:06:07] | * JustTB has joined #farmos |
[16:28:18] | * JustTB has quit (Quit: Leaving.) |
[16:31:19] | <skipper_is[m]> | The requested page "/farmOS/log.json?type=farm_harvest" could not be found. ...Err... What? |
[16:31:37] | <mstenta[m]> | Bah. That's what I was worried about |
[16:31:43] | <mstenta[m]> | You should revert all changes |
[16:32:04] | <skipper_is[m]> | Oki |
[16:32:12] | <mstenta[m]> | Until I get it fully resolved |
[16:32:23] | <skipper_is[m]> | Entity controller... line 200 and something? |
[16:33:27] | <skipper_is[m]> | But if I navigate to the page, I can find it... |
[16:35:18] | <skipper_is[m]> | Reverted, and it is showing the same... must be something I did.. Do I need to restart apache? |
[16:39:01] | <mstenta[m]> | Try clearing Drupal caches |
[16:39:39] | <skipper_is[m]> | The website encountered an unexpected error. Please try again later. Well, it is different! |
[16:39:47] | <mstenta[m]> | `/admin/development/performance` |
[16:41:03] | <skipper_is[m]> | Doesn't exist apparently... gets me to the admin page |
[16:41:59] | <mstenta[m]> | Oh sorry |
[16:42:19] | <skipper_is[m]> | Ooo whole bunch of restws errors.. |
[16:42:26] | <skipper_is[m]> | Warning: Invalid argument supplied for foreach() in farm_api_restws_request_alter() (line 144 of /var/www/html/farmOS/profiles/farm/modules/farm/farm_api/farm_api.module). |
[16:42:26] | <mstenta[m]> | `/admin/config/development/performance` |
[16:42:34] | <skipper_is[m]> | Notice: Trying to get property of non-object in restws_file_restws_request_alter() (line 30 of /var/www/html/farmOS/profiles/farm/modules/contrib/restws_file/restws_file.module). |
[16:43:06] | <mstenta[m]> | You can ignore those, that's the same warnings from before from the `restws_file` module |
[16:43:59] | <skipper_is[m]> | Ah ok |
[16:44:34] | <skipper_is[m]> | TypeError: Argument 1 passed to RestWSBaseFormat::getPropertyValues() must be of the type array, string given, called in /var/www/html/farmOS/profiles/farm/modules/contrib/restws/restws.formats.inc on line 478 in RestWSBaseFormat->getPropertyValues() (line 260 of /var/www/html/farmOS/profiles/farm/modules/contrib/restws/restws.formats.inc). |
[16:44:35] | <skipper_is[m]> | This one too? |
[16:45:17] | <mstenta[m]> | That looks different |
[16:45:52] | <skipper_is[m]> | That might be me.. |
[16:47:44] | <mstenta[m]> | Hanging out with my toddler for the next few hours, might not be able to help much |
[16:47:54] | <skipper_is[m]> | No worries, mine is asleep :) |
[16:48:09] | <mstenta[m]> | Did clearing caches fix it? |
[16:48:19] | <mstenta[m]> | If not, you may need drush |
[16:48:23] | <skipper_is[m]> | Oh yea, that's why I was there.. lemme try |
[16:49:17] | <skipper_is[m]> | Noop |
[16:49:41] | <mstenta[m]> | Bah. I had the same issue |
[16:49:58] | <mstenta[m]> | Drush registry rebuild fixed it |
[16:50:20] | <mstenta[m]> | You're not using the Docker image, right? |
[16:50:37] | <skipper_is[m]> | I am not |
[16:50:55] | <skipper_is[m]> | rebuild registry..... Where might I find that? |
[16:51:22] | <mstenta[m]> | You need drush |
[16:51:24] | <skipper_is[m]> | 201 |
[16:51:25] | <skipper_is[m]> | {"uri":"https:\/\/home.skipper-iwb.co.uk\/farmOS\/log\/77","id":"77","resource":"log"} |
[16:51:26] | <skipper_is[m]> | success |
[16:51:35] | <mstenta[m]> | Oh? Is it working? |
[16:51:38] | <skipper_is[m]> | Ah log in to the server SSH |
[16:51:43] | <skipper_is[m]> | Yea, seems to be |
[16:51:49] | <mstenta[m]> | Oh great!! |
[16:52:12] | <skipper_is[m]> | Honestly, I've no idea what made it work :P |
[16:52:29] | <mstenta[m]> | Haha probably the cache clear |
[16:52:38] | <skipper_is[m]> | Yea, maybe |
[16:52:56] | <skipper_is[m]> | Bit of a shame the other fix didn't work |
[16:53:11] | <mstenta[m]> | Yea this issue is a deep one... I want to be 100% sure we have it figured out before recommending it |
[16:53:21] | <mstenta[m]> | Don't want to risk messing up your db |
[16:54:06] | <mstenta[m]> | I don't know that it would, but I also don't know that it wouldn't |
[16:54:08] | <skipper_is[m]> | Reminds me, I need to do a backup.... |
[16:54:23] | <mstenta[m]> | Yes. Yes yes yes |
[16:54:26] | <skipper_is[m]> | I've not tried to restore from a backup, so I have no idea if my backups are even working |
[16:54:33] | <skipper_is[m]> | Would be nice if there was a builtin backup in Drupal |
[16:54:44] | <skipper_is[m]> | dump everything to a nice zip file |
[16:54:49] | <skipper_is[m]> | files as well |
[16:54:52] | <mstenta[m]> | The backup and migrate module does that |
[16:55:15] | <skipper_is[m]> | Ooo, and here is me fiddling around with pgsql... |
[16:55:45] | <mstenta[m]> | But you could also just roll your own |
[16:56:19] | <skipper_is[m]> | I was just doing pg_dump to save the database, and downloading the sites folder |
[16:56:34] | <mstenta[m]> | Yea that works |
[16:57:05] | <skipper_is[m]> | Is backup and migrate built in, or a download? |
[16:57:26] | <mstenta[m]> | Sometimes a good idea to save the entire web root, so you have the codebase and database versions in sync |
[16:57:33] | <mstenta[m]> | It's an add on |
[16:57:52] | <skipper_is[m]> | Yea, but not in my module list, so I assume I need to install it |
[16:58:01] | <mstenta[m]> | https://drupal.org/project/backup_migrate |
[16:58:08] | <skipper_is[m]> | Probably isn't compatible with PostgreSQL |
[16:58:28] | <mstenta[m]> | Hmm I would hope it is |
[16:58:48] | <mstenta[m]> | But definitely PGSQL is less tested than MySQL in general it seems |
[16:59:08] | <skipper_is[m]> | I hope so too... |
[16:59:22] | <mstenta[m]> | But you just need a dump, so you can do that and not worry |
[17:00:12] | <skipper_is[m]> | Error |
[17:00:13] | <skipper_is[m]> | The website encountered an unexpected error. Please try again later. |
[17:00:13] | <skipper_is[m]> | Oh yea |
[17:00:37] | <mstenta[m]> | What gave that error? |
[17:01:06] | <skipper_is[m]> | running a backup |
[17:01:15] | <skipper_is[m]> | I suspect it doesn't like PostgreSQL |
[17:01:25] | <mstenta[m]> | Oh you installed it already |
[17:01:31] | <mstenta[m]> | You're fast :-) |
[17:02:26] | <mstenta[m]> | (you know to put downloaded modules in `sites` not `profiles` right?) |
[17:02:45] | <skipper_is[m]> | I installed it through the modules page |
[17:03:22] | <skipper_is[m]> | But it does get installed there |
[17:03:24] | <skipper_is[m]> | (in sites) |
[17:04:04] | <mstenta[m]> | Oh gotcha, I never use that |
[17:04:18] | <mstenta[m]> | Also: NEVER update through the UI |
[17:04:42] | <mstenta[m]> | It won't apply patches to modules that farmOS needs |
[17:04:56] | <skipper_is[m]> | How do you patch? |
[17:05:03] | <skipper_is[m]> | I'd just rebuilt the entire thing and copied it across |
[17:05:03] | <mstenta[m]> | There's a big warning on the farmOS update page |
[17:05:22] | <skipper_is[m]> | ...hehe..... |
[17:05:23] | <mstenta[m]> | Rebuilt how |
[17:05:33] | <skipper_is[m]> | farm.make |
[17:05:42] | <mstenta[m]> | Oh you have drush? |
[17:05:47] | <skipper_is[m]> | Yea |
[17:05:55] | <mstenta[m]> | Oh good |
[17:06:03] | <mstenta[m]> | Yes, that will automatically patch |
[17:06:41] | <skipper_is[m]> | So I download my sites folder, clone the git, make, copy that to the old location, then copy back in my sites folder.. |
[17:08:04] | <skipper_is[m]> | But backup and migrate does NOT like Postgresql, I did a "files only" backup, happy as could be |
[17:08:11] | <skipper_is[m]> | whole site... Nope |
[17:08:25] | <skipper_is[m]> | Drush patches automatically? Do I need to run it? |
[17:08:45] | <skipper_is[m]> | CRON? |
[17:10:03] | <mstenta[m]> | In general I don't recommend building manually with drush |
[17:10:29] | <mstenta[m]> | Much safer to just use the pre built tar file release |
[17:11:06] | <skipper_is[m]> | But that is 18th July... |
[17:11:07] | <mstenta[m]> | See farmOS.org instructions |
[17:11:35] | <skipper_is[m]> | Ooh, the -dev path |
[17:11:43] | <mstenta[m]> | <skipper_is[m] "But that is 18th July..."> Oh I forget, are there recent changes you need? |
[17:11:49] | <mstenta[m]> | Or yea you can use the dev |
[17:11:52] | <mstenta[m]> | But.... |
[17:11:59] | <skipper_is[m]> | the changed file types for audio files |
[17:12:13] | <mstenta[m]> | (nevermind the but) |
[17:12:15] | <mstenta[m]> | Ok that should work |
[17:12:19] | <skipper_is[m]> | And I think there was a postgresql bug you squashed since 18th |
[17:13:14] | <skipper_is[m]> | So don't drush make build-farm it? |
[17:14:13] | <skipper_is[m]> | (How do I update the drupal release? Just copy the files across again?) |
[17:16:18] | <mstenta[m]> | Yea if you download the 7.x-1.x-dev tarball that will be a pre built code base |
[17:16:38] | <mstenta[m]> | (essentially the same as what you would get running drush make yourself) |
[17:16:51] | <mstenta[m]> | See farmOS.org for update instructions |
[17:17:09] | <mstenta[m]> | https://farmos.org/hosting/updating/ |
[17:17:33] | <skipper_is[m]> | Yea, so just copy everything over except sites |
[17:17:44] | <mstenta[m]> | Yes |
[17:17:51] | <mstenta[m]> | And run update.php |
[17:17:52] | <skipper_is[m]> | I can manage that |
[17:17:54] | <skipper_is[m]> | Yea |
[17:18:16] | <mstenta[m]> | Yea... Safer than trying to do the drush make yourself IMO |
[17:18:22] | <mstenta[m]> | More consistent |
[17:18:42] | <mstenta[m]> | Or less steps at least |
[17:18:43] | <skipper_is[m]> | Just need an easier way of backing up the database.. |
[17:19:06] | <skipper_is[m]> | I dunno, git clone ...... cd cd... drush make.... cp this to that |
[17:19:23] | <mstenta[m]> | Cron script that saves a dump to files dir? |
[17:19:54] | <skipper_is[m]> | Yea, I've not actually tried restoring from the dump, so I'm paranoid I've not dumped the right thing... Do I need pre_Data as well? Too many options in it |
[17:20:00] | <mstenta[m]> | (just make sure you don't save it somewhere that's publicly accessible) |
[17:20:11] | <skipper_is[m]> | Indeed! |
[17:20:14] | <mstenta[m]> | Pre data? |
[17:20:31] | <skipper_is[m]> | I'm dumping from pgAdmin, and there are way too many options |
[17:20:37] | <mstenta[m]> | Oh |
[17:20:50] | <mstenta[m]> | Not familiar with that |
[17:20:53] | <mstenta[m]> | But you just need the tables |
[17:21:49] | <skipper_is[m]> | ACTION uploaded an image: image.png (85KB) < https://matrix.org/_matrix/media/v1/download/matrix.org/WDFNjcHdYdcApHni... > |
[17:22:19] | <skipper_is[m]> | I've just been saying yes to just about everything |
[17:22:39] | <mstenta[m]> | I don't like that... I'd look for the command |
[17:23:14] | <skipper_is[m]> | Oh nice you can just do pg_dump mydb > db.sql |
[17:23:19] | <skipper_is[m]> | and dump the entire DB |
[17:23:29] | <mstenta[m]> | There ya go! |
[17:23:46] | <mstenta[m]> | Yes equivalent to `mysqldump` I assume |
[17:24:19] | <skipper_is[m]> | That's what I need, I don't need to include pre and post data, or to load via partition root... |
[17:24:25] | <skipper_is[m]> | Or even the unlogged table data.. |
[17:25:21] | <skipper_is[m]> | Right then, with that I'm going to hit the rack |
[17:25:57] | <mstenta[m]> | Good good |
[18:36:33] | * JustTB has joined #farmos |
[19:20:01] | * JustTB has quit (Ping timeout: 276 seconds) |
[19:56:22] | * JustTB has joined #farmos |