From ae2ff2b467a9a41e5c503e77ea3eeda4bc5ddc5b Mon Sep 17 00:00:00 2001 From: Tom Udding Date: Sat, 24 Aug 2024 21:16:54 +0200 Subject: [PATCH 1/4] feat: change account registration to activation Adds a notice to the login page during August and September to make it clear that activation (and setting a password) is required to be able to use the website. Furthermore, migrates fully to the `activate` endpoint to not cause any confusion. NOTE: this requires complementary changes in GEWISDB. --- module/Application/language/en.po | 38 +++- module/Application/language/gewisweb.pot | 32 +++- module/Application/language/nl.po | 39 +++- module/User/config/module.config.php | 11 +- module/User/src/Controller/UserController.php | 51 +++-- module/User/src/Form/Register.php | 10 +- module/User/test/ControllerTest.php | 2 +- module/User/view/partial/login/member.phtml | 32 +++- module/User/view/user/user/activate.phtml | 174 ++++++++++++------ module/User/view/user/user/register.phtml | 93 ---------- 10 files changed, 259 insertions(+), 223 deletions(-) delete mode 100644 module/User/view/user/user/register.phtml diff --git a/module/Application/language/en.po b/module/Application/language/en.po index aeb6a82b45..201b02b7b5 100644 --- a/module/Application/language/en.po +++ b/module/Application/language/en.po @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: GEWISweb 0.1.0-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-08-03 20:08+0200\n" -"PO-Revision-Date: 2024-08-04 15:14+0200\n" +"POT-Creation-Date: 2024-08-24 21:14+0200\n" +"PO-Revision-Date: 2024-08-24 21:16+0200\n" "Last-Translator: Tom Udding \n" "Language-Team: English \n" "Language: en\n" @@ -17,7 +17,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Poedit 3.4.2\n" +"X-Generator: Poedit 3.4.4\n" msgid " has a limited capacity and " msgstr " has a limited capacity and " @@ -398,6 +398,14 @@ msgstr "Approved polls" msgid "Approver" msgstr "Approver" +#, php-format +msgid "" +"Are you a member but do not yet have an account for the website? %sClick " +"here%s to request its activation." +msgstr "" +"Are you a member but do not yet have an account for the website? %sClick " +"here%s to request its activation." + msgid "" "Are you looking for someone to help you with your courses? Send an email " "using one of the following links and we can help you find someone to tutor " @@ -1291,6 +1299,9 @@ msgstr "Flash" msgid "Focal length" msgstr "Focal length" +msgid "Forgot password?" +msgstr "Forgot password?" + #, php-format msgid "Found %d %s matching your description" msgstr "Found %d %s matching your description" @@ -1526,10 +1537,6 @@ msgstr "" "If you aren't able to attend a GMM in person but you want your voice to be " "heard, consider %sauthorizing another member%s to act on your behalf." -#, php-format -msgid "If you don't have an account yet, go to the %sRegistration page%s" -msgstr "If you don't have an account yet, go to the %sRegistration page%s" - #, php-format msgid "If you forgot your password, go to the %sPassword reset page%s" msgstr "If you forgot your password, go to the %sPassword reset page%s" @@ -2373,6 +2380,14 @@ msgstr "Recently Rejected Jobs" msgid "Recently Unapproved Jobs" msgstr "Recently Unapproved Jobs" +#, php-format +msgid "" +"Recently joined GEWIS? Before you can log in, you need to activate your " +"account and set a password, %sclick here%s to do so." +msgstr "" +"Recently joined GEWIS? Before you can log in, you need to activate your " +"account and set a password, %sclick here%s to do so." + msgid "Recipient" msgstr "Recipient" @@ -2382,9 +2397,6 @@ msgstr "Regenerate" msgid "Regenerate album cover" msgstr "Regenerate album cover" -msgid "Register" -msgstr "Register" - msgid "Regulations" msgstr "Regulations" @@ -2424,6 +2436,9 @@ msgstr "Rename Meeting Document" msgid "Representative Information" msgstr "Representative Information" +msgid "Request Activation" +msgstr "Request Activation" + msgid "Request a poll" msgstr "Request a poll" @@ -4117,6 +4132,9 @@ msgstr "" msgid "Your account has been activated. You are now able to login." msgstr "Your account has been activated. You are now able to login." +msgid "Your membership number can be found in the welcome e-mail." +msgstr "Your membership number can be found in the welcome e-mail." + msgid "Your option has been added successfully" msgstr "Your option has been added successfully" diff --git a/module/Application/language/gewisweb.pot b/module/Application/language/gewisweb.pot index 52c99f67c8..468d087169 100644 --- a/module/Application/language/gewisweb.pot +++ b/module/Application/language/gewisweb.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: GEWISweb v2.8.6-743-gc76a7302c-dirty\n" +"Project-Id-Version: GEWISweb v2.8.6-747-ge3d122d45-dirty\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-08-07 22:17+0200\n" +"POT-Creation-Date: 2024-08-24 21:14+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -382,6 +382,12 @@ msgstr "" msgid "Approver" msgstr "" +#, php-format +msgid "" +"Are you a member but do not yet have an account for the website? %sClick " +"here%s to request its activation." +msgstr "" + msgid "" "Are you looking for someone to help you with your courses? Send an email " "using one of the following links and we can help you find someone to tutor " @@ -1235,6 +1241,9 @@ msgstr "" msgid "Focal length" msgstr "" +msgid "Forgot password?" +msgstr "" + #, php-format msgid "Found %d %s matching your description" msgstr "" @@ -1439,10 +1448,6 @@ msgid "" "heard, consider %sauthorizing another member%s to act on your behalf." msgstr "" -#, php-format -msgid "If you don't have an account yet, go to the %sRegistration page%s" -msgstr "" - #, php-format msgid "If you forgot your password, go to the %sPassword reset page%s" msgstr "" @@ -2247,6 +2252,12 @@ msgstr "" msgid "Recently Unapproved Jobs" msgstr "" +#, php-format +msgid "" +"Recently joined GEWIS? Before you can log in, you need to activate your " +"account and set a password, %sclick here%s to do so." +msgstr "" + msgid "Recipient" msgstr "" @@ -2256,9 +2267,6 @@ msgstr "" msgid "Regenerate album cover" msgstr "" -msgid "Register" -msgstr "" - msgid "Regulations" msgstr "" @@ -2298,6 +2306,9 @@ msgstr "" msgid "Representative Information" msgstr "" +msgid "Request Activation" +msgstr "" + msgid "Request a poll" msgstr "" @@ -3866,6 +3877,9 @@ msgstr "" msgid "Your account has been activated. You are now able to login." msgstr "" +msgid "Your membership number can be found in the welcome e-mail." +msgstr "" + msgid "Your option has been added successfully" msgstr "" diff --git a/module/Application/language/nl.po b/module/Application/language/nl.po index 2ffd85ef44..00410c84f6 100644 --- a/module/Application/language/nl.po +++ b/module/Application/language/nl.po @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: GEWISweb 0.1.0-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-08-03 20:08+0200\n" -"PO-Revision-Date: 2024-08-04 15:14+0200\n" +"POT-Creation-Date: 2024-08-24 21:14+0200\n" +"PO-Revision-Date: 2024-08-24 21:15+0200\n" "Last-Translator: Tom Udding \n" "Language-Team: English \n" "Language: nl\n" @@ -17,7 +17,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Poedit 3.4.2\n" +"X-Generator: Poedit 3.4.4\n" msgid " has a limited capacity and " msgstr " heeft een beperkte capaciteit en " @@ -400,6 +400,14 @@ msgstr "Goedgekeurde polls" msgid "Approver" msgstr "Goedgekeurd door" +#, php-format +msgid "" +"Are you a member but do not yet have an account for the website? %sClick " +"here%s to request its activation." +msgstr "" +"Ben je lid maar heb je nog geen account voor de website? %sKlik hier%s om de " +"activering aan te vragen." + msgid "" "Are you looking for someone to help you with your courses? Send an email " "using one of the following links and we can help you find someone to tutor " @@ -1302,6 +1310,9 @@ msgstr "Flits" msgid "Focal length" msgstr "Brandpuntsafstand" +msgid "Forgot password?" +msgstr "Wachtwoord vergeten?" + #, php-format msgid "Found %d %s matching your description" msgstr "%d %s gevonden overeenkomend met je zoektermen" @@ -1548,10 +1559,6 @@ msgstr "" "toch dat je stem wordt gehoord, overweeg dan %seen ander lid%s te machtigen " "om jou te vertegenwoordingen." -#, php-format -msgid "If you don't have an account yet, go to the %sRegistration page%s" -msgstr "Als je nog geen account hebt, ga naar de %sRegistratie pagina%s" - #, php-format msgid "If you forgot your password, go to the %sPassword reset page%s" msgstr "" @@ -2397,6 +2404,15 @@ msgstr "Onlangs afgekeurde vacatures" msgid "Recently Unapproved Jobs" msgstr "Nog niet goedgekeurde vacatures" +#, php-format +msgid "" +"Recently joined GEWIS? Before you can log in, you need to activate your " +"account and set a password, %sclick here%s to do so." +msgstr "" +"Bent je onlangs lid geworden van GEWIS? Voordat je kunt inloggen, moet je " +"jouw account activeren en een wachtwoord instellen, %sklik hier%s om dat te " +"doen." + msgid "Recipient" msgstr "Ontvanger" @@ -2406,9 +2422,6 @@ msgstr "Genereer opnieuw" msgid "Regenerate album cover" msgstr "Genereer album cover opnieuw" -msgid "Register" -msgstr "Registreer" - msgid "Regulations" msgstr "Reguleringen" @@ -2448,6 +2461,9 @@ msgstr "Hernoem vergaderstuk" msgid "Representative Information" msgstr "Informatie van vertegenwoordiger" +msgid "Request Activation" +msgstr "Activering aanvragen" + msgid "Request a poll" msgstr "Vraag een poll aan" @@ -4176,6 +4192,9 @@ msgstr "" msgid "Your account has been activated. You are now able to login." msgstr "Je account is geactiveerd. Je kunt nu inloggen." +msgid "Your membership number can be found in the welcome e-mail." +msgstr "Je lidmaatschapsnummer vind je in de welkomstmail." + msgid "Your option has been added successfully" msgstr "De optie is succesvol toegevoegd" diff --git a/module/User/config/module.config.php b/module/User/config/module.config.php index 82f295ab15..d71650a9f6 100644 --- a/module/User/config/module.config.php +++ b/module/User/config/module.config.php @@ -31,7 +31,7 @@ 'activate' => [ 'type' => Segment::class, 'options' => [ - 'route' => '/activate/:user_type/:code', + 'route' => '/activate[/:user_type/:code]', 'constraints' => [ 'code' => '[a-zA-Z0-9]+', 'user_type' => '(company|member)', @@ -99,15 +99,6 @@ ], ], ], - 'register' => [ - 'type' => Literal::class, - 'options' => [ - 'route' => '/register', - 'defaults' => [ - 'action' => 'register', - ], - ], - ], ], 'priority' => 100, ], diff --git a/module/User/src/Controller/UserController.php b/module/User/src/Controller/UserController.php index 936208cb60..c4be09c783 100644 --- a/module/User/src/Controller/UserController.php +++ b/module/User/src/Controller/UserController.php @@ -123,30 +123,6 @@ public function logoutAction(): Response return $this->redirect()->toRoute('home'); } - /** - * User register action. - */ - public function registerAction(): ViewModel - { - /** @var Request $request */ - $request = $this->getRequest(); - - if ($request->isPost()) { - $newUser = $this->userService->register($request->getPost()->toArray()); - - if (null !== $newUser) { - return new ViewModel(['registered' => true]); - } - } - - // show form - return new ViewModel( - [ - 'form' => $this->userService->getRegisterForm(), - ], - ); - } - /** * Action to change password. */ @@ -229,6 +205,31 @@ public function activateAction(): Response|ViewModel $userType = $this->params()->fromRoute('user_type'); $code = (string) $this->params()->fromRoute('code'); + /** @var Request $request */ + $request = $this->getRequest(); + + // Handle request to obtain activation information. + if ( + 'member' === $userType + && '' === $code + ) { + if ($request->isPost()) { + $newUser = $this->userService->register($request->getPost()->toArray()); + + if (null !== $newUser) { + return new ViewModel(['registered' => true]); + } + } + + // show form + return new ViewModel( + [ + 'registerForm' => $this->userService->getRegisterForm(), + ], + ); + } + + // Handle actual activation of accounts. if ('company' === $userType) { $newUser = $this->userService->getNewCompanyUser($code); } else { @@ -246,8 +247,6 @@ public function activateAction(): Response|ViewModel return $this->redirect()->toRoute('home'); } - /** @var Request $request */ - $request = $this->getRequest(); $form = $this->userService->getActivateForm($userType); if ($request->isPost()) { diff --git a/module/User/src/Form/Register.php b/module/User/src/Form/Register.php index 8879037189..417a31a0c2 100644 --- a/module/User/src/Form/Register.php +++ b/module/User/src/Form/Register.php @@ -15,10 +15,10 @@ class Register extends Form implements InputFilterProviderInterface { - public const ERROR_NO_EMAIL = 'no_email'; - public const ERROR_MEMBER_NOT_EXISTS = 'member_not_exists'; - public const ERROR_USER_ALREADY_EXISTS = 'user_already_exists'; - public const ERROR_ALREADY_REGISTERED = 'already_registered'; + public const string ERROR_NO_EMAIL = 'no_email'; + public const string ERROR_MEMBER_NOT_EXISTS = 'member_not_exists'; + public const string ERROR_USER_ALREADY_EXISTS = 'user_already_exists'; + public const string ERROR_ALREADY_REGISTERED = 'already_registered'; public function __construct(protected Translator $translator) { @@ -39,7 +39,7 @@ public function __construct(protected Translator $translator) 'name' => 'submit', 'type' => Submit::class, 'attributes' => [ - 'value' => $translator->translate('Register'), + 'value' => $translator->translate('Request Activation'), ], ], ); diff --git a/module/User/test/ControllerTest.php b/module/User/test/ControllerTest.php index 0fc682cd8a..7ddad4dfc4 100644 --- a/module/User/test/ControllerTest.php +++ b/module/User/test/ControllerTest.php @@ -25,7 +25,7 @@ public function testMemberLoginActionCanBeAccessed(): void public function testUserRegisterActionCanBeAccessed(): void { - $this->dispatch('/user/register'); + $this->dispatch('/user/activate'); $this->assertResponseStatusCode(200); } diff --git a/module/User/view/partial/login/member.phtml b/module/User/view/partial/login/member.phtml index 3470752573..5750021bda 100644 --- a/module/User/view/partial/login/member.phtml +++ b/module/User/view/partial/login/member.phtml @@ -27,6 +27,24 @@ $form->setAttribute('role', 'form'); $form->setAttribute('class', 'form-horizontal'); ?>
+ format('n')); + if (8 === $month || 9 === $month): + ?> +
+
+
+

+ translate('Recently joined GEWIS? Before you can log in, you need to activate your account and set a password, %sclick here%s to do so.'), + '', + '', + ) ?> +

+
+
+
+ form()->openTag($form) ?> get('login'); @@ -54,6 +72,9 @@ $form->setAttribute('class', 'form-horizontal');
formPassword($element) ?> formElementErrors($element, ['class' => 'help-block']); ?> + + translate('Forgot password?') ?> +
setAttribute('class', 'form-horizontal'); form()->closeTag(); ?>
- url('user/register'); ?> -

- translate("If you don't have an account yet, go to the %sRegistration page%s"), '', '') ?> -

- url('user/password/reset', ['user_type' => 'member']); ?>

- translate("If you forgot your password, go to the %sPassword reset page%s"), '', '') ?> + translate('Are you a member but do not yet have an account for the website? %sClick here%s to request its activation.'), + '', + '', + ) ?>

diff --git a/module/User/view/user/user/activate.phtml b/module/User/view/user/user/activate.phtml index b72690d9c4..f477f6a66d 100644 --- a/module/User/view/user/user/activate.phtml +++ b/module/User/view/user/user/activate.phtml @@ -21,18 +21,11 @@ $this->headTitle($this->translate('Activate')); ?>
- activated) && $this->activated): ?> + + translate('Your account for the GEWIS website has been registered, check your inbox for an activation e-mail.') ?> + translate('Your account has been activated. You are now able to login.') ?> - prepare(); - - $form->setAttribute('action', $this->url('user/activate', ['user_type' => $userType, 'code' => $this->user->getCode()])); - $form->setAttribute('method', 'post'); - - $form->setAttribute('role', 'form'); - $form->setAttribute('class', 'form-horizontal'); - ?>
@@ -40,58 +33,133 @@ $this->headTitle($this->translate('Activate'));

translate('Activate') ?>

- form()->openTag($form); ?> -

+ getCompany()->getRepresentativeName(); - } else { - $member = $user->getMember(); - $name = $member->getFirstName() . ' ' . $member->getLastName(); - } + $form = $registerForm; + $form->prepare(); + + $form->setAttribute('action', $this->url('user/activate')); + $form->setAttribute('method', 'post'); + + $form->setAttribute('role', 'form'); + $form->setAttribute('class', 'form-horizontal'); ?> - translate("Welcome %s. Create your password for the website and activate your account."), $name) ?> -

- get('password'); - $element->setAttribute('class', 'form-control'); - $element->setAttribute('placeholder', $this->translate('Password')); - $element->setAttribute('autocomplete', 'new-password'); - ?> -
- -
- formPassword($element) ?> - formElementErrors($element, ['class' => 'help-block']) ?> +
+
+
+

+ translate('To get an account on the website, you must be a member of GEWIS. To read more about the benefits of membership and how to become a member, visit this %sinformation page%s.'), + '', + '', + ) ?> +

+
+
-
- get('password_verify'); - $element->setAttribute('class', 'form-control'); - $element->setAttribute('placeholder', $this->translate('Verify password')); - $element->setAttribute('autocomplete', 'new-password'); - ?> -
- -
- formPassword($element) ?> - formElementErrors($element, ['class' => 'help-block']) ?> + form()->openTag($form); ?> + + get('lidnr'); + $element->setAttribute('id', 'lidnr'); + $element->setAttribute('class', 'form-control'); + ?> +
+ +
+ formInput($element) ?> + formElementErrors($element, ['class' => 'help-block']); ?> +

+ translate('Your membership number can be found in the welcome e-mail.') ?> +

+
+
+ +
+
+ get('submit'); + $submit->setAttribute('class', 'btn btn-primary'); + ?> + formRow($submit); ?> +
-
-
-
+ formElement($form->get('security')) ?> + + form()->closeTag(); ?> + + prepare(); + + $form->setAttribute('action', $this->url('user/activate', ['user_type' => $userType, 'code' => $user->getCode()])); + $form->setAttribute('method', 'post'); + + $form->setAttribute('role', 'form'); + $form->setAttribute('class', 'form-horizontal'); + ?> + form()->openTag($form); ?> +

get('submit'); - $submit->setAttribute('class', 'btn btn-primary'); + if ('company' === $userType) { + $name = $user->getCompany()->getRepresentativeName(); + } else { + $member = $user->getMember(); + $name = $member->getFirstName() . ' ' . $member->getLastName(); + } ?> - formRow($submit); ?> + translate("Welcome %s. Create your password for the website and activate your account."), $name) ?> +

+ get('password'); + $element->setAttribute('class', 'form-control'); + $element->setAttribute('placeholder', $this->translate('Password')); + $element->setAttribute('autocomplete', 'new-password'); + ?> +
+ +
+ formPassword($element) ?> + formElementErrors($element, ['class' => 'help-block']) ?> +
+
+ get('password_verify'); + $element->setAttribute('class', 'form-control'); + $element->setAttribute('placeholder', $this->translate('Verify password')); + $element->setAttribute('autocomplete', 'new-password'); + ?> +
+ +
+ formPassword($element) ?> + formElementErrors($element, ['class' => 'help-block']) ?> +
+
+ +
+
+ get('submit'); + $submit->setAttribute('class', 'btn btn-primary'); + ?> + formRow($submit); ?> +
-
- form()->closeTag(); ?> + form()->closeTag(); ?> +
diff --git a/module/User/view/user/user/register.phtml b/module/User/view/user/user/register.phtml deleted file mode 100644 index 25f27221f8..0000000000 --- a/module/User/view/user/user/register.phtml +++ /dev/null @@ -1,93 +0,0 @@ -headTitle($this->translate('Register')); -?> -
-
- registered) && $this->registered): ?> - translate('Your account for the GEWIS website has been registered, check your inbox for an activation e-mail.') ?> - - prepare(); - - $form->setAttribute('action', $this->url('user/register')); - $form->setAttribute('method', 'post'); - - $form->setAttribute('role', 'form'); - $form->setAttribute('class', 'form-horizontal'); - ?> -
-
-
-
-

translate('Register') ?>

-
-
-
-
-
-

- translate('To get an account on the website, you must be a member of GEWIS. To read more about the benefits of membership and how to become a member, visit this %sinformation page%s.'), - '', - '', - ) ?> -

-
-
-
- form()->openTag($form); ?> - - get('lidnr'); - $element->setAttribute('id', 'lidnr'); - $element->setAttribute('class', 'form-control'); - ?> -
- -
- formInput($element) ?> - formElementErrors($element, ['class' => 'help-block']); ?> -
-
- -
-
- get('submit'); - $submit->setAttribute('class', 'btn btn-primary'); - ?> - formRow($submit); ?> -
-
- - formElement($form->get('security')) ?> - - form()->closeTag(); ?> -
-
-
-
- -
-
From 25f9339d654f329911f39831d3cb482bcfe7f6b5 Mon Sep 17 00:00:00 2001 From: Tom Udding Date: Sat, 24 Aug 2024 21:25:14 +0200 Subject: [PATCH 2/4] fix: 404 when clicking on links in older e-mails Because some people may not yet have activated their account on the website we should temporarily keep the original URL active. --- module/User/config/module.config.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/module/User/config/module.config.php b/module/User/config/module.config.php index d71650a9f6..c79b931eb4 100644 --- a/module/User/config/module.config.php +++ b/module/User/config/module.config.php @@ -42,6 +42,18 @@ ], ], ], + // The `register` endpoint only exists to handle cases where users click links in old e-mails. + // TODO: remove after 1 January 2025. + 'register' => [ + 'type' => Literal::class, + 'options' => [ + 'route' => '/register', + 'defaults' => [ + 'action' => 'activate', + 'user_type' => 'member', + ], + ], + ], 'login' => [ 'type' => Segment::class, 'options' => [ From 81d40b4266dc6991fc35f2ec551ec0623ca315a5 Mon Sep 17 00:00:00 2001 From: Tom Udding Date: Sat, 24 Aug 2024 21:29:58 +0200 Subject: [PATCH 3/4] feat: sync every 30 minutes at :28 and :58 Because people cannot understand "tomorrow". This does make me think, because in all other places we do not sync if `sync_paused` is reported via the API. Maybe we should make an API call before we sync? --- docker/web/development/crontab | 2 +- docker/web/production/crontab | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/web/development/crontab b/docker/web/development/crontab index ed12f71749..f058d09868 100644 --- a/docker/web/development/crontab +++ b/docker/web/development/crontab @@ -9,7 +9,7 @@ # * * * * * command to execute # Don't remove the empty line at the end of this file. It is required to run the cron job # 0 0 * * 1 { . /code/config/bash.env && /usr/local/bin/php /code/web photo:weeklyphoto; } > /code/data/logs/cron-weeklyphoto.log 2>&1 -# 58 1 * * * { . /code/config/bash.env && /usr/local/bin/php /code/importdb.php; } > /code/data/logs/cron-importdb.log 2>&1 +# 28,58 * * * * { . /code/config/bash.env && /usr/local/bin/php /code/importdb.php; } > /code/data/logs/cron-importdb.log 2>&1 # 0 23 * * * { . /code/config/bash.env && /usr/local/bin/php /code/web activity:calendar:notify; } > /code/data/logs/cron-activitycalendar.log 2>&1 # 0 * * * * { . /code/config/bash.env && /code/publicarchive.sh; } > /code/data/logs/cron-publicarchive.log 2>&1 # Automated GDPR related tasks below: diff --git a/docker/web/production/crontab b/docker/web/production/crontab index 665ee2d897..349f9cb0ab 100644 --- a/docker/web/production/crontab +++ b/docker/web/production/crontab @@ -9,7 +9,7 @@ # * * * * * command to execute # Don't remove the empty line at the end of this file. It is required to run the cron job 0 0 * * 1 { . /code/config/bash.env && /usr/local/bin/php /code/web photo:weeklyphoto; } > /code/data/logs/cron-weeklyphoto.log 2>&1 -58 1 * * * { . /code/config/bash.env && /usr/local/bin/php /code/importdb.php; } > /code/data/logs/cron-importdb.log 2>&1 +28,58 * * * * { . /code/config/bash.env && /usr/local/bin/php /code/importdb.php; } > /code/data/logs/cron-importdb.log 2>&1 0 23 * * * { . /code/config/bash.env && /usr/local/bin/php /code/web activity:calendar:notify; } > /code/data/logs/cron-activitycalendar.log 2>&1 0 * * * * { . /code/config/bash.env && /code/publicarchive.sh; } > /code/data/logs/cron-publicarchive.log 2>&1 # Automated GDPR related tasks below: From 230fd4acbf91e4c1c75fff73b37d49006975da6c Mon Sep 17 00:00:00 2001 From: Tom Udding Date: Sat, 24 Aug 2024 22:00:56 +0200 Subject: [PATCH 4/4] feat: check GEWISDB API to ensure it is safe to sync --- .env.dist | 4 ++++ importdb.php | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/.env.dist b/.env.dist index d25e1dbd1f..5ebd7439a8 100644 --- a/.env.dist +++ b/.env.dist @@ -42,6 +42,10 @@ MH_SMTP_BIND_ADDR=0.0.0.0:25 # Settings for Pwned Passwords API to check if passwords are present in known breaches PWNED_PASSWORDS_HOST=https://pwned-passwords.gewis.nl/api +# Settings for GEWISDB API health check +GEWISDB_API_HOST=https://database.test.gewis.nl/api +GEWISDB_API_KEY='thiskeyisnotvalid' + # Google Calendar API (Option Calendar) settings DOCKER_GOOGLE_API_KEY=unknown DOCKER_GOOGLE_CALENDAR_KEY=unknown diff --git a/importdb.php b/importdb.php index 3fa2cbe561..d494beeec9 100644 --- a/importdb.php +++ b/importdb.php @@ -8,6 +8,68 @@ * It is a simple PostgreSQL to MySQL copy script. */ +$apiKey = getenv('GEWISDB_API_KEY'); +$apiHost = getenv('GEWISDB_API_HOST'); + +if ( + false === $apiKey + || false === $apiHost +) { + echo 'API: no sync, environment variables are not set properly...' . PHP_EOL; + exit(1); +} + +$ch = curl_init(); + +$headers = [ + sprintf('Authorization: Bearer %s', $apiKey), +]; + +curl_setopt($ch, CURLOPT_URL, $apiHost . '/health'); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); +curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + +$response = curl_exec($ch); + +if (false === $response) { + echo 'API: no sync, unexpected cURL error...' . PHP_EOL; + curl_close($ch); + exit(1); +} + +$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); + +if ( + 200 === $httpCode + || 403 === $httpCode +) { + if (!json_validate($response)) { + echo 'API: no sync, invalid JSON returned...' . PHP_EOL; + curl_close($ch); + exit(1); + } + + $health = json_decode($response, true); + + if ( + $health['healthy'] + && !$health['sync_paused'] + ) { + echo 'API: sync, healthy and syncs are allowed...' . PHP_EOL; + } else { + echo 'API: no sync, sync is paused or API is not healthy...' . PHP_EOL; + curl_close($ch); + exit(1); + } +} else { + echo 'API: no sync, unexpected response...' . PHP_EOL; + curl_close($ch); + exit(1); +} + +curl_close($ch); + echo 'Commencing sync with GEWISDB...' . PHP_EOL; try { @@ -182,7 +244,6 @@ function ($a) use ($i) { /** * Removing old data */ - // Tables without primary keys are skipped if (0 === count($pks[$table])) continue;