[Devtools] Fix an installer problem with a server-side change?

Pete Muir pmuir at redhat.com
Mon Jul 11 11:32:56 UTC 2016 

Exactly - I'm worried that in a couple of years time, someone will
delete that download, or upgrade the REST interface, not realising
that the installer is (ab)using it for something else...

On 9 July 2016 at 08:43, Denis Golovin <degolovi at redhat.com> wrote:
> There is no issue opened for this. Do you mean rest service should support
> requests to check T&C's using product-id instead of specific file.
> Something similar to
> https://developers.redhat.com/download-manager/rest/tc-accepted?productId=cdk
>
> ----- Original Message -----
>> From: "Pete Muir" <pmuir at redhat.com>
>> To: "Denis Golovin" <degolovi at redhat.com>
>> Cc: "Pavol Pitonak" <ppitonak at redhat.com>, devtools at redhat.com, "Rick Wagner" <rwagner at redhat.com>
>> Sent: Friday, July 8, 2016 7:52:30 AM
>> Subject: Re: [Devtools] Fix an installer problem with a server-side change?
>>
>> Do we have an issue to replace this with a proper T&C check that
>> doesn't involve the name of a file that might get changed without
>> someone understanding the installer depends on it?
>>
>> On 8 July 2016 at 00:27, Denis Golovin <degolovi at redhat.com> wrote:
>> > That is correct answer. This url is only to verify T&C's are signed.
>> >
>> > ----- Original Message -----
>> >> From: "Pavol Pitonak" <ppitonak at redhat.com>
>> >> To: "Pete Muir" <pmuir at redhat.com>
>> >> Cc: devtools at redhat.com, "Rick Wagner" <rwagner at redhat.com>
>> >> Sent: Thursday, July 7, 2016 4:50:19 AM
>> >> Subject: Re: [Devtools] Fix an installer problem with a server-side
>> >> change?
>> >>
>> >> It's not installing CDK 2.0.0-beta3 but the one specified in [1]. The
>> >> mentioned URL is only used for finding out whether the user provided
>> >> correct
>> >> username/password and whether he had agreed with T&C.
>> >>
>> >> [1]
>> >> https://github.com/redhat-developer-tooling/developer-platform-install/blob/master/requirements.json#L7
>> >>
>> >> On Thu, Jul 7, 2016 at 1:40 PM, Pete Muir < pmuir at redhat.com > wrote:
>> >>
>> >>
>> >> On 6 July 2016 at 20:02, Rick Wagner < rwagner at redhat.com > wrote:
>> >> > Hello DevTools,
>> >> >
>> >> > It seems we have a problem with the current version of the Development
>> >> > Suite
>> >> > installer. We have at least 2 new customer cases reporting inability to
>> >> > install due to the message dialogue "Terms and Conditions for the CDK
>> >> > have
>> >> > not been signed".
>> >> >
>> >> > This is concerning because we're also seeing similar activity on
>> >> > non-support
>> >> > channels. It's also worth noting that not every user that has a problem
>> >> > reports it-- some just give up and move on. There is enough volume here
>> >> > that we probably should treat this with some urgency.
>> >> >
>> >> > It seems likely the relevant code (thanks for highlighting this, Alexey)
>> >> > is
>> >> > below:
>> >> >
>> >> > -------------------------------------------------
>> >> >
>> >> > login() {
>> >> > this.authFailed = false;
>> >> > this.tandcNotSigned = false;
>> >> >
>> >> > let req = {
>> >> > method: 'GET',
>> >> > url:
>> >> > '
>> >> > https://developers.redhat.com/download-manager/rest/tc-accepted?downloadURL=/file/cdk-2.0.0-beta3.zip
>> >> > ',
>> >> > <<<<<<<<<---- returns 'false' when not approved
>> >>
>> >> I noticed when reading this that this code appears to be downloading
>> >> CDK 2.0.0-beta3 which implies that either this is an old version of
>> >> the installer, or the installer is installing a very old CDK...
>> >>
>> >> > headers: {
>> >> > 'Authorization': 'Basic ' + this.base64.encode(this.username + ':' +
>> >> > this.password)
>> >> > }
>> >> > };
>> >> >
>> >> > this.http(req)
>> >> > .then(this.handleHttpSuccess.bind(this))
>> >> > .catch(this.handleHttpFailure.bind(this));
>> >> > }
>> >> >
>> >> > ---------------------------------
>> >> >
>> >> >
>> >> > So we have users getting denied use of our product. Do we require a
>> >> > rebuild
>> >> > immediately? Maybe.
>> >> >
>> >> > How about if we changed the rest service
>> >> > ( https://developers.redhat.com/download-manager/rest/tc-accepted ) so
>> >> > it
>> >> > includes a peak at an override database as well as whatever it's
>> >> > currently
>> >> > doing now?
>> >> >
>> >> > In that way, we could have the users pop over to a 'yes, I agree to the
>> >> > terms' page to insert an entry into the database. The rest service could
>> >> > use something like the provided username as a key to ensure a 'true' is
>> >> > returned.
>> >> >
>> >> >
>> >> > Or not. Is there a better way to fix this?
>> >> >
>> >> > Please consider, we need to fix this sooner rather than later....
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Rick
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > Devtools mailing list
>> >> > Devtools at redhat.com
>> >> > https://www.redhat.com/mailman/listinfo/devtools
>> >> >
>> >>
>> >> _______________________________________________
>> >> Devtools mailing list
>> >> Devtools at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/devtools
>> >>
>> >>
>> >> _______________________________________________
>> >> Devtools mailing list
>> >> Devtools at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/devtools
>> >>
>>

More information about the Devtools mailing list