Sunday, May 27, 2012

Will Blog Like a Hacker

I am moving away this blog to http://waseem.github.com. Thanks for reading.

Sunday, July 11, 2010

Tunneling your way through

Facebooker provides a super-simple tunneling script using which you can create a tunnel between a public server and your computer. This script is essentially a Ruby wrapper written around ssh.

Recently I migrated my application from facebooker to Koala. In the process I extracted out the tunneling script from facebooker. I also made some changes to it so that it can be used easily. The script is hosted as a gist.

Friday, February 12, 2010

Facebook Connect using Facebooker on Heroku

Recently I had a chance to create a Facebook Connect Rails application. I did not have any public server on which I could host my application so I chose Heroku. We need to host our application on a public server so that we can listen the response of Facebook when we request its servers.

One actually does not need to use heroku or other public server to develop a Facebook application. We can open up our own development machine to internet by port forwarding ans listen the response. However I did not have much time to do all this stuff and decided to host the application on heroku.

So lets get our hands wet with code and stuff.

Goals


In this post we are going to implement user authentication mechanism in a Rails application using Facebook Connect. We would use Authlogic and authlogic facebook connect plugin. This makes life easier for us.

Create a Rails application on heroku


First create a Rails application on your machine and gitify it by running following commands.



First command creates a Rails application named katana and third one initialises a git repository and makes "First Commit".

Now we will push this application to heroku server. First create an account on heroku if you have not done it yet. Now run following commands to push your application to heroku.



First we install the heroku gem and then we upload this application to heroku servers. "$ heroku create" might ask for your heroku credentials.

Installing required Gems and plugins


Now we will install Facebooker, Authlogic gems and authlogic facebook connect plugin in our application.

Heroku requires you to use bundler for installing gems in your application. Read their documentation on gems to know how to do this.

Now create a 'Gemfile' in your application root like following.



The first line above is specific to heroku. Do read heroku documentation to know more about this. Other lines tell the application to install specific gems and use them.

Now install authlogic facebook connect plugin to your application. Give following command to install the plugin.



After the plugin is installed, make a commit and push the changes to heroku by running ':~/katna$ git push heroku master'. After doing this, you are ready to implement user authentication.

User authentication using Facebook Connect


Now create User model. Make your users table migration as following.



'facebook_session_key' and 'facebook_uid' are there to hold the facebook session key of the currently logged in user and his id at the facebook. You must have noticed that 'facebook_uid' column has its limit set to 8. This is because facebook_uid is a big int. On heroku, we have Postgres as default database engine. Postgres will bark at us if we do not provide the limit option. The default integer column in Postgres does not support big ints.

Crate your user model as following.



'acts_as_authentic' will tell authlogic to use this model for authentication purposes. 'before_connect' hook is provided to us be authlogic facebook connect plugin. It can be used to save some user data when he tries to connect to Facebook from our application.

Now create the UserSession model by running '$ script/generate session user_session' command. This 'session' generator is provided by authlogic. Make your UserSession model look like following.



Second line tells Authlogic to let a user "Sign In" and "Sign Up" using his email. By default it is 'username'.

Now add following lines to your 'application_controller.rb'.



First line will set the facebook_session for each user signed in to the application using Facebook connect. Second line adds a helper to retrieve that session.

Now create UserSessions controller and corresponding views.



When a user tries to sign in using facebook connect, 'create' action of UserSessions controller is invoked. After a successful sign in, he is redirected to 'show' action of DashboardsController.

Now create layout 'application.html.erb'.



'fb_connect_javscript_tag' will link the Facebook's JS api with your application. With this we will be able to use Javascript api function in our application.

'init_fb_connect' will tell our application to use XFBML in our application without any quirks.

Now create 'views/user_sessions/new.html.erb'



'authlogic_facebook_login_button' helper is provided by authlogic facebook connect plugin. It will put a facebook connect button on our Sign Up page. By clicking on this button, a user can Sign into our application using facebook connect.

We will now create Dashboards controller.



Following is view for 'show' action of Dashboards controller.



Now remove 'index.html from your 'public' directory and create your 'config/route.rb' to look like following.



Now run the command ':~/katana$ script/generate xd_receiver'. It will create cross domain scripting bridge between facebook and our application. It will allow both of them to communicate.

Now do a ':~/katana$ git commit' and ':~/katana$ git push heroku master' to deploy application to heroku.

Now before you go check out the application, we have to do some more important tasks to do.

Create a Facebook application


Got to Facebook developers page and set up a new application. If your application is hosted at 'http://app.heroku.com', make following edits to your facebook application.

First, on "Canvas Tab" fill in the "Canvas Page URL" as 'http://apps.facebook.com/{some_name}/'. '{some_name}' in the URL has to have at least seven characters. With this URL, the users of your application can access it on Facebook.

On "Canvas Callback URL", put 'http://app.heroku.com/'. Facebook pulls content for Canvas page from this URL for our application. Note, there has to be a trailing '/' at the end of the URL.

In the "Post-Authorize Redirect URL", put 'http://app.heroku.com/user_session/'. Facebook will POST the response when a user tries to sign into the application using facebook connect and is authenticated at the facebook server. Note, there has to be a trailing '/' at the end of the URL. Since facebook POSTs the response at '/user_session', the response will be received by 'create' action of the UserSessions controller.

Now on the in the "Connect URL" on "Connect Tab" put 'http://app.heroku.com/'. Again note the trailing '/'.

In the "Advanced Tab" make sure that the "Application Type" is "Web" and "Sandbox Mode" is "Enabled".

Now we will tell our facebooker to use this application for Facebook connect.

Facebooker configuration


Create a 'config/facebooker.yml' like following.



Replace and with the keys you got from Facebook. Notice one thing that , and other entries in 'facebooker.yml' are not strings. You just simply copy paste them from application page at facebook.

Now make a commit to the application and deploy the application to heroku. After successful deployment, run :~/katana$ heroku rake db:migrate'.

Go to your 'http://app.heroku.com' and try to sign in using facebook connect.

Sunday, November 8, 2009

Love the Code

Recently I went to the New Delhi Ruby Meetup. This is a great place to meet some very good Ruby and Rails developers from New Delhi and NCR. If you are interested in Ruby or Rails or any other technology any way related to web development, you should give it a try.

In the past meetup we had a short brain storming session on "How to be a good Rails developer?".

Apart from making your Ruby programming better, using proper idioms while coding, having some standard variable names throughout different applications, writing more secure code(XSS and SQL injection etc free), one thing which popped up was to make yourself familiar with the code which you use in your application from external sources. These external sources of the code are mainly gems or plugins used by your application.

Rails is a very adaptive community. It adapts new changes very rapidly and humbly. One of the reasons for this is that it is very easy to create gems and plugins to be used by Rails. You can find a gem to do almost any job you want. This easiness sometimes results in a buggy gem. And sometimes these bugs are quite critical for your application and cause some very critical security problems.

One solution to solve this problem which we came up with was to read the source code of the gem. Reading the source code of a gem does not make any sense if the code base of the gem is quite huge. Some gems are really veryhuge. Reading all this code may also not be very productive given you have to complete your application by the deadline. So you come with the idea of reading only that part of the code which is critical to your application. One other thing which makes this code reading painful is the quality of the code in that gem. If the code is not organised well and is also not written well, reading it and understanding it will also take a lot of your precious development time.

The funny thing is that the whole gem is critical to your system. How do you know which part of the code does what unless you read all the parts.

A few solutions(I doubt) which I thought are following.

1. Read the documentation thoroughly


You should try to read the whole documentation of the gem which you are going to use carefully. If you doubt some particular behaviour, you should check out the code implementing that behaviour and other related methods.

2. See all the bug list


If that gem has a bug tracker, you should see all the open bugs and current situation of the bugs in that list. Some bug might be critical to your application. You should also try to solve some bug and submit a patch to the gem.

3. Faith in the community for that gem


If the gem is really very useful and good enough, you will be suggested to use it on IRC or blogs of other Rails developers. You should also check if any of your friends has use it and try to find out if they faced any problems using this gem.
I think there should be some Rating and/or download/installation count indicator for each gem on the gem hosting web site(s). These ratings given by the people and the download count give a very good indication of how much the community trusts a particular gem. This is not a new idea. Vim has been doing from ages.

4. Read the mailing list


You should also try to read the old message threads in the mailing list of that gem. It could be quite tedious. To make it a little bit easier, you should try to search the messages for some 'security' or 'bug'.

One thing we should also expect from the gem maintainers is that they should explicitly state all the critical issues using this particular gem in the documentation.

Wednesday, October 7, 2009

Deleviring mails from a Rails app to the local mbox and displaying in Evolution

A special thanks to one of my friends because of whom this was completed on time.

Recently I was integrating ActionMailer in a Rails application. I was using Cucumber to test the application. In the test environment the general idea is to ask the ActionMailer not to try to deliver the emails really but assume that those are delivered.

When the integration of the ActionMailer was done, I wished to see how the email actually looked like in a mail reader like Thunderbird or Evolution on my local machine before putting the email templates in the production mode. I did not use my production server for all this testing stuff because of the fear of being blacklisted. I actually wished to test how a email looked like after the delivery.

To accomplish this I asked ActionMailer to use Postfix to deliver those emails to my local GNU/Linux mbox. I then used Evolution mail reader to read my local mbox so that I could see how the actual mail looked like after delivery. I did following things to achieve this.

Install Postfix



I have Ubuntu on my development machine. So to install Postfix you could do just the following.

$ sudo aptitude install postfix

Above will install and configure the postfix on your machine. To check if the postfix was configured correctly on your system try sending a mail to yourself.


$ mail <your_login_name_to_machine>(e.g. waseem on my machine)
Subject: Test mail to local user.
Trying to send a mail to the local user.
.
Cc:
$

Now we test if the mail was actually delivered to the local mailbox.

$ mail
Mail version 8.1.2 01/15/2001. Type ? for help.
"/var/mail/waseem": 1 message 1 new
>N 1 waseem@goodlove Wed Oct 7 15:34 14/460 Test mail to local user.
&

Looks like the mail was delivered.

Configure Postfix to use virtual email addresses.



I am developing a Rails application which lets some user sign up using their email address. In my user model I have a validation which checks the format of the email address submitted by a user when she signs up. In my tests I used email with format of "user_name@webapp.test". To force Postfix to deliver all the mails send to the email of this format I used its virtual_alias_maps configuration option.

Postfix's virtual_alias_maps lets you create any number of 'virtual' email addresses, that would all end up in one email account. And for the testing purposes I wanted that account to be my local system user's account mailbox.

First we create a file called 'virtual' which will hold the mapping of the aliases of the email formats.

$ sudo vim /etc/postfix/virtual

Put the following lines in that file.

@webapp.test waseem
@test.local waseem


Above tells Postfix that all the mails send to the emails ending in @webapp.test and @test.local domains should be delivered to the mbox of user waseem. :)
Now we hash this file so that postfix can read this file faster.

$ sudo postmap /etc/postfix/virtual


A /etc/postfix/virtual.db file would be created after doing this.

Now we tell Postfix to use this file for virtual alias maps.


$ sudo postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"


Now we restart Postfix by doing $ sudo /etc/init.d/postfix restart.

Ask Rails to use Postfix for the mail delivery.



In your config/enviroments/test.rb replace config.action_mailer.delivery_method = :test with config.action_mailer.delivery_method = :smtp

Now we test the if the delivery of the mails is taking place by making some actions which cause execution of mail delivery method in the Rails app code. In my case it was just by executing feature definition which tried to signup a user to the application.

When I did the above, I faced following error.

OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check'
/usr/lib/ruby/1.8/net/smtp.rb:582:in `tlsconnect'


I googled for the solution and found out two of them. First was to ask Postfix to not to do any SSL security checks. To do this you should edit the /etc/postfix/main.cf to have smtpd_tls_auth_only=no. Restart the Postfix and you are fine again.

Other solution is to generate good SSL files and force Postfix to use them. I prefered the first solution as it suited my needs.

Now when you tried sending emails with you Rails application to any email address ending in @webapp.test or @test.local, those were actually delivered to the local mbox of user waseem. You could test it by running the mail program in your terminal.

Using Evolution to read your local mailbox.



It is comparatively quite simple. You just create a new account in the Evolution program. Enter any email address and select "Standard mbox spool or directory". Now choose /var/mail/<your_login_name_to_machine> for the path. Choose SMTP as your mail server type and localhost in the server configuration. You are done now.

Now when you check this account in the Evolution, you will find those emails sent by the Rails application in the test environment.

Enjoy!!

Wednesday, September 16, 2009

Enabling 'choice_node' in XMLMapping gem

XML-Mapping is a great ruby gem. It lets you make ruby objects from XML and vice versa. It is a very useful gem but it seems that it is not maintained from it's project page. The last release was done on December 2005. Looks like it is no longer being maintained by it's author.

I am using XML-Mapping and Cucumber to test a rails application which generates XML feeds. Recently I had a need to use 'choice_node' method. But it gave me a 'undefined method choice_node' every time I tried to use it. The funny part is the method is very well documented like any other methods.

I had installed it from the source as a gem at my local machine. When searched the code for definition on ChoiceNode class I got nothing. It means the code which I downloaded did not have any choice_node method in it so how come I was going to get it in my application.

However following fixed the problem.

First remove or better rename the old gem.

gem_install_directory$ mv xml-mapping-0.8.1 xml-mapping-0.8.1-old


Then checkout the latest source of the gem from it's CVS repository.


gem_install_directory$ cvs -d :pserver:anonymous@rubyforge.org:/var/cvs/xml-mapping login
gem_install_directory$ cvs -d :pserver:anonymous@rubyforge.org:/var/cvs/xml-mapping checkout .


Now you can use the XML-Mapping gem with it's full power.

Thursday, June 25, 2009

Skype: Problem with audio playback on Jaunty

I recently bought a Dell Inspiron and installed Ubuntu Jaunty Jackalope on it. I was having a hard time making skype work on this. Every time I started skype, it gave me a "Problem with audio playback" error. I googled a lot and on Ubuntu forums found following solution to this.

First go to Skype->Options->Sound Devices and set "Sound In", "Sound Out" and "Ringing" all to pulse. Uncheck the "Allow Skype to automatically adjust my mixer levels".

Now go to the volume settings by double by clicking on the speaker icon on top panel. Here in the preferences, check the capture option. Now in the recording tab unmute the mic.

Go to Skype and make a test call. Everything should be working by now.

This solution was found here.