[Devtools] Fix an installer problem with a server-side change?

Denis Golovin degolovi at redhat.com
Wed Jul 20 08:11:52 UTC 2016 

FYI: JIRA is created to fix T&C's check in DevSuite to use stable link in download-manager.
ORG-3469 Check T&C's signing status without referencing to specific file in download-manager

Denis

----- Original Message -----
> From: "Pete Muir" <pmuir at redhat.com>
> To: "Denis Golovin" <degolovi at redhat.com>
> Cc: ppitonak at redhat.com, "Rick Wagner" <rwagner at redhat.com>, devtools at redhat.com
> Sent: Tuesday, July 12, 2016 12:23:39 AM
> Subject: Re: [Devtools] Fix an installer problem with a server-side change?
> 
> David H and mark N are the right people.
> On 12 Jul 2016 7:31 a.m., "Denis Golovin" <degolovi at redhat.com> wrote:
> 
> > Pete,
> >
> > it seems T&C's workflow is really simple now, T&C's just signed
> > when registrations is done. It seems that this request could be
> > just https://developers.redhat.com/download-manager/rest/tc-accepted
> > without any additional parameters.
> >
> > Who should I discuss it with? Is David Hladky right person?
> >
> > Thanks,
> > Denis
> >
> > ----- Original Message -----
> > > From: "Pete Muir" <pmuir at redhat.com>
> > > To: "Denis Golovin" <degolovi at redhat.com>
> > > Cc: "Pavol Pitonak" <ppitonak at redhat.com>, devtools at redhat.com, "Rick
> > Wagner" <rwagner at redhat.com>
> > > Sent: Monday, July 11, 2016 4:32:56 AM
> > > Subject: Re: [Devtools] Fix an installer problem with a server-side
> > change?
> > >
> > > Exactly - I'm worried that in a couple of years time, someone will
> > > delete that download, or upgrade the REST interface, not realising
> > > that the installer is (ab)using it for something else...
> > >
> > > On 9 July 2016 at 08:43, Denis Golovin <degolovi at redhat.com> wrote:
> > > > There is no issue opened for this. Do you mean rest service should
> > support
> > > > requests to check T&C's using product-id instead of specific file.
> > > > Something similar to
> > > >
> > https://developers.redhat.com/download-manager/rest/tc-accepted?productId=cdk
> > > >
> > > > ----- Original Message -----
> > > >> From: "Pete Muir" <pmuir at redhat.com>
> > > >> To: "Denis Golovin" <degolovi at redhat.com>
> > > >> Cc: "Pavol Pitonak" <ppitonak at redhat.com>, devtools at redhat.com, "Rick
> > > >> Wagner" <rwagner at redhat.com>
> > > >> Sent: Friday, July 8, 2016 7:52:30 AM
> > > >> Subject: Re: [Devtools] Fix an installer problem with a server-side
> > > >> change?
> > > >>
> > > >> Do we have an issue to replace this with a proper T&C check that
> > > >> doesn't involve the name of a file that might get changed without
> > > >> someone understanding the installer depends on it?
> > > >>
> > > >> On 8 July 2016 at 00:27, Denis Golovin <degolovi at redhat.com> wrote:
> > > >> > That is correct answer. This url is only to verify T&C's are signed.
> > > >> >
> > > >> > ----- Original Message -----
> > > >> >> From: "Pavol Pitonak" <ppitonak at redhat.com>
> > > >> >> To: "Pete Muir" <pmuir at redhat.com>
> > > >> >> Cc: devtools at redhat.com, "Rick Wagner" <rwagner at redhat.com>
> > > >> >> Sent: Thursday, July 7, 2016 4:50:19 AM
> > > >> >> Subject: Re: [Devtools] Fix an installer problem with a server-side
> > > >> >> change?
> > > >> >>
> > > >> >> It's not installing CDK 2.0.0-beta3 but the one specified in [1].
> > The
> > > >> >> mentioned URL is only used for finding out whether the user
> > provided
> > > >> >> correct
> > > >> >> username/password and whether he had agreed with T&C.
> > > >> >>
> > > >> >> [1]
> > > >> >>
> > https://github.com/redhat-developer-tooling/developer-platform-install/blob/master/requirements.json#L7
> > > >> >>
> > > >> >> On Thu, Jul 7, 2016 at 1:40 PM, Pete Muir < pmuir at redhat.com >
> > wrote:
> > > >> >>
> > > >> >>
> > > >> >> On 6 July 2016 at 20:02, Rick Wagner < rwagner at redhat.com > wrote:
> > > >> >> > Hello DevTools,
> > > >> >> >
> > > >> >> > It seems we have a problem with the current version of the
> > > >> >> > Development
> > > >> >> > Suite
> > > >> >> > installer. We have at least 2 new customer cases reporting
> > inability
> > > >> >> > to
> > > >> >> > install due to the message dialogue "Terms and Conditions for
> > the CDK
> > > >> >> > have
> > > >> >> > not been signed".
> > > >> >> >
> > > >> >> > This is concerning because we're also seeing similar activity on
> > > >> >> > non-support
> > > >> >> > channels. It's also worth noting that not every user that has a
> > > >> >> > problem
> > > >> >> > reports it-- some just give up and move on. There is enough
> > volume
> > > >> >> > here
> > > >> >> > that we probably should treat this with some urgency.
> > > >> >> >
> > > >> >> > It seems likely the relevant code (thanks for highlighting this,
> > > >> >> > Alexey)
> > > >> >> > is
> > > >> >> > below:
> > > >> >> >
> > > >> >> > -------------------------------------------------
> > > >> >> >
> > > >> >> > login() {
> > > >> >> > this.authFailed = false;
> > > >> >> > this.tandcNotSigned = false;
> > > >> >> >
> > > >> >> > let req = {
> > > >> >> > method: 'GET',
> > > >> >> > url:
> > > >> >> > '
> > > >> >> >
> > https://developers.redhat.com/download-manager/rest/tc-accepted?downloadURL=/file/cdk-2.0.0-beta3.zip
> > > >> >> > ',
> > > >> >> > <<<<<<<<<---- returns 'false' when not approved
> > > >> >>
> > > >> >> I noticed when reading this that this code appears to be
> > downloading
> > > >> >> CDK 2.0.0-beta3 which implies that either this is an old version of
> > > >> >> the installer, or the installer is installing a very old CDK...
> > > >> >>
> > > >> >> > headers: {
> > > >> >> > 'Authorization': 'Basic ' + this.base64.encode(this.username +
> > ':' +
> > > >> >> > this.password)
> > > >> >> > }
> > > >> >> > };
> > > >> >> >
> > > >> >> > this.http(req)
> > > >> >> > .then(this.handleHttpSuccess.bind(this))
> > > >> >> > .catch(this.handleHttpFailure.bind(this));
> > > >> >> > }
> > > >> >> >
> > > >> >> > ---------------------------------
> > > >> >> >
> > > >> >> >
> > > >> >> > So we have users getting denied use of our product. Do we
> > require a
> > > >> >> > rebuild
> > > >> >> > immediately? Maybe.
> > > >> >> >
> > > >> >> > How about if we changed the rest service
> > > >> >> > (
> > https://developers.redhat.com/download-manager/rest/tc-accepted )
> > > >> >> > so
> > > >> >> > it
> > > >> >> > includes a peak at an override database as well as whatever it's
> > > >> >> > currently
> > > >> >> > doing now?
> > > >> >> >
> > > >> >> > In that way, we could have the users pop over to a 'yes, I agree
> > to
> > > >> >> > the
> > > >> >> > terms' page to insert an entry into the database. The rest
> > service
> > > >> >> > could
> > > >> >> > use something like the provided username as a key to ensure a
> > 'true'
> > > >> >> > is
> > > >> >> > returned.
> > > >> >> >
> > > >> >> >
> > > >> >> > Or not. Is there a better way to fix this?
> > > >> >> >
> > > >> >> > Please consider, we need to fix this sooner rather than later....
> > > >> >> >
> > > >> >> > Thanks,
> > > >> >> >
> > > >> >> > Rick
> > > >> >> >
> > > >> >> >
> > > >> >> > _______________________________________________
> > > >> >> > Devtools mailing list
> > > >> >> > Devtools at redhat.com
> > > >> >> > https://www.redhat.com/mailman/listinfo/devtools
> > > >> >> >
> > > >> >>
> > > >> >> _______________________________________________
> > > >> >> Devtools mailing list
> > > >> >> Devtools at redhat.com
> > > >> >> https://www.redhat.com/mailman/listinfo/devtools
> > > >> >>
> > > >> >>
> > > >> >> _______________________________________________
> > > >> >> Devtools mailing list
> > > >> >> Devtools at redhat.com
> > > >> >> https://www.redhat.com/mailman/listinfo/devtools
> > > >> >>
> > > >>
> > >
> >
>

More information about the Devtools mailing list