-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix custominstallerbuilder/issue#16 #173
Conversation
website/html/views.py
Outdated
@@ -22,6 +22,8 @@ | |||
import shutil | |||
import subprocess | |||
import xmlrpclib | |||
import re |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This import slipped in from a previous commit (wrong fork, wrong branch, had to cherry pick, resolve conflicts, ...).
Anyways, I actually think it already slipped into the original commit by accident. Because I can't see the re
module being used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So should it be removed?
website/context_processor.py
Outdated
@@ -9,3 +9,14 @@ def customizable_strings(request): | |||
"CLEARINGHOUSE_URL": settings.CLEARINGHOUSE_URL, | |||
"DEMOKIT": settings.DEMOKIT, | |||
} | |||
|
|||
def options(request): | |||
"""Make variables defined in settings.py available to the template engine.""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this really making all variables defined in settings.py available to the template engine, or just settings.DEBUG?
website/settings.py
Outdated
# This setting provides to chose whether to accept self-signed certificates | ||
# (e.g. in DEBUG mode) by using an unverified ssl context. | ||
# c.f. https://github.com/SeattleTestbed/custominstallerbuilder/issues/16 | ||
UNVERIFIED_SSL_CONTEXT = DEBUG |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose UNVERIFIED_SSL_CONTEXT
can be set to True independent of DEBUG. In that case, I can imagine someone doing so and failing to notice that self-signed certificates are used in production (because they forgot it was set to True).
Consider having some type of warning for when self-signed certificates are accepted by the server.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is exactly what should be prevented by setting UNVERIFIED_SSL_CONTEXT
to DEBUG
, i.e.:
Either we are in
- DEBUG mode (== accept self-signed certificates) and we aware of it (c.f. warning sign added in this PR), or we are
- not in DEBUG mode (== don't accept self-signed certificates).
Also see discussion in SeattleTestbed/custominstallerbuilder#16.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand, but the hypothetical situation described is for a user that sets UNVERIFIED_SSL_CONTEXT to True independent of DEBUG. In other words, someone might try to set DEBUG to False, but UNVERIFIED_SSL_CONTEXT to True.
Are you saying that users should not attempt to modify UNVERIFIED_SSL_CONTEXT, and only modify DEBUG? If so, that should documented somewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that that's not necessary, since the variable is currently tied to the debug mode and shouldn't really be set independently anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why have a separate UNVERIFIED_SSL_CONTEXT setting? Perhaps you should make it so that DEBUG results in the ability to use unverified SSL contexts.
Someone might try to modify if you don't at least explain that it shouldn't be independently modified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I proposed the separate setting mostly for transparency. We never instruct a ch operator to set this to a different value than DEBUG
and I can't see why a ch operator would want to do this, or would do this by accident.
if settings.UNVERIFIED_SSL_CONTEXT: | ||
xmlrpc_proxy = xmlrpclib.ServerProxy( | ||
settings.SEATTLECLEARINGHOUSE_INSTALLER_BUILDER_XMLRPC, | ||
context=ssl._create_unverified_context()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this function only available in Python version 2.7+? What if a user is using version <2.7? Should there be checks for Python versions in the code, or some kind of disclaimer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK we agreed that we don't care for Python <2.7 to run clearinghouse (c.f. discussion in SeattleTestbed/custominstallerbuilder#16).
As for the disclaimer, our main instruction to run the clearinghouse already suggests to use Python 2.7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Python 2.6 is plainly unsupported for running a clearinghouse as of the docs change.
…signed certificates
The modified context_processor should not make the string, but the value of `settings.DEBUG` available to the template engine.
b7947a0
to
dce6ce9
Compare
Thanks for reviewing @vladimir-v-diaz and @JustinCappos! I have addressed your comments and also fixed a small but important bug in my code. Let me know if we can merge. |
Following @vladimir-v-diaz's review comment this change makes the docstring and comments of the custom options context_processor clearer.
This import slipped in from a previous commit (wrong fork, wrong branch, had to cherry pick, resolve conflicts, ...) Anyway, I actually think it already slipped into the original commit by accident: z3r0w0n@74fad83
7b52e14
to
be7516d
Compare
Feel free to merge! |
Following a review discussion with @vladimir-v-diaz [1] we add an extra warning comment to the `UNVERIFIED_SSL_CONTEXT` setting to prevent ch/cib operators from accidentely not verifying the ssl context in production. [1] SeattleTestbed#173 (comment)
Fixes custominstallerbuilder/issue16
DEBUG
option is set to true.Option defaults to the same value as
DEBUG
option.There are more parts in the Clearinghouse code that use XMLRPC but were not changed because they either don't use SSL or aren't probably used at all: