S0000100=====================================================================

 0. Ruby
 1. Rails
 2. Installation on Debian
 3. Installation on Windows
 4. Simple example: an Addressbook
 5. Modifying the MVC
 6. Foreign keys
 7. Passenger
 8. Addressbook with http authentication
 9. REST
10. REST Client (using http authentication)
11. Add crypt to REST Client
12. Addressbook with WebAuth
13. Using AWDwR
14. Other aspects of customisation

E0000100=====================================================================
S0100100=====================================================================

sudo mkdir -p /var/chroots/rails-chroot
sudo debootstrap etch /var/chroots/rails-chroot \
            http://mirror.ox.ac.uk/debian

sudo mount -t proc /proc /var/chroots/rails-chroot/proc

E0100100=====================================================================
S0100150=====================================================================

sudo chroot /var/chroots/rails-chroot

E0100150=====================================================================
S0100200=====================================================================

cat >/etc/apt/sources.list <<%
deb http://mirror.ox.ac.uk/debian etch main contrib non-free
deb http://debian-security.oucs.ox.ac.uk/security etch/updates \
                                         main contrib non-free
deb http://debian.oucs.ox.ac.uk/sysdev/etch stable general
%
cat >/etc/hosts <<%
127.0.0.1  localhost
%
cat >/etc/resolv.conf <<%
search oucs.ox.ac.uk
nameserver 163.1.2.1
nameserver 129.67.1.180
%
apt-get update
apt-get install locales
echo en_US.UTF-8 UTF-8 >/etc/locale.gen
locale-gen
apt-get upgrade
apt-get install debhelper build-essential dnsutils devscripts less

E0100200=====================================================================
S0100300=====================================================================

apt-get install mysql-server
ed /etc/mysql/my.cnf <<'%'
g/3306/s//8116/gp
w
q
%
/etc/init.d/mysql stop
/etc/init.d/mysql start
mysqladmin -P 8116 -u root password PW4root
mysql -P8116 -u root -p
PW4root
\q

E0100300=====================================================================
S0100400=====================================================================

apt-get install ruby ri rdoc ruby1.8-examples libmysql-ruby 
(cd /usr/bin; ln -s irb1.8 irb)

ruby -v; ri -v; rdoc -v; irb -v
# I got:
# ruby 1.8.5 (2006-08-25) [i486-linux]
# ri v1.0.1 - 20041108
# RDoc V1.0.1 - 20041108
# irb 0.9.5(05/04/13)

E0100400=====================================================================
S0100500=====================================================================

apt-get install rubygems
gem -v

E0100500=====================================================================
S0100600=====================================================================

gem update --system 

E0100600=====================================================================
S0100650=====================================================================

ls -l /usr/bin/gem1.8
rm /usr/bin/gem
ln -s /usr/bin/gem1.8 /usr/bin/gem
gem -v; ri -v; rdoc -v
# I got:
# 1.1.1
# ri v1.0.1 - 20041108
# RDoc V1.0.1 - 20041108

E0100650=====================================================================
S0100700=====================================================================

gem install rails --include-dependencies
# I got:
# INFO:  `gem install -y` is now default and will be removed
# INFO:  use --ignore-dependencies to install only the gems you list
# Bulk updating Gem source index for: http://gems.rubyforge.org
# Bulk updating Gem source index for: http://gems.rubyforge.org
# Successfully installed rake-0.8.1
# Successfully installed activesupport-2.1.0
# Successfully installed activerecord-2.1.0
# Successfully installed actionpack-2.1.0
# Successfully installed actionmailer-2.1.0
# Successfully installed activeresource-2.1.0
# Successfully installed rails-2.1.0
# ...

E0100700=====================================================================
S0100800=====================================================================

rails -v
# I got:
# Rails 2.1.0

E0100800=====================================================================
S0400800=====================================================================

mkdir /var/apps
cd /var/apps

E0400800=====================================================================
S0400900=====================================================================

rails -d mysql contacts

cd /var/apps/contacts
ls

E0400900=====================================================================
S0401100=====================================================================

cd /var/apps/contacts/config
cat database.yml
cat >database.yml <<%
development:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: contacts_development
  username: ruby
  password: PW4ruby

# Warning: The database defined as 'test' will be erased and
# re-generated from your development database when you run 'rake'.
# Do not set this db to the same as development or production.
test:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: contacts_test
  username: ruby
  password: PW4ruby

production:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: contacts_production
  username: ruby
  password: PW4ruby

%

E0401100=====================================================================
S0401150=====================================================================

mysql -P 8116 -u root -p mysql <<%
grant all privileges on contacts_development.* \
          to ruby@localhost identified by 'PW4ruby';
grant all privileges on contacts_production.*  \
          to ruby@localhost identified by 'PW4ruby';
grant all privileges on contacts_test.*        \
          to ruby@localhost identified by 'PW4ruby';
flush privileges;
\q
%
PW4root

E0401150=====================================================================
S0401200=====================================================================

cd /var/apps/contacts
rake db:create:all

E0401200=====================================================================
S0401300=====================================================================

cd /var/apps/contacts
ruby script/generate scaffold Phone \
       name:string \
       number:string

E0401300=====================================================================
S0401350=====================================================================

cd /var/apps/contacts/db/migrate
cat *_create_phones.rb

E0401350=====================================================================
S0401380=====================================================================

class CreatePhones < ActiveRecord::Migration
  def self.up
    create_table :phones do |t|
      t.string :name
      t.string :number
      t.timestamps
    end
  end

  def self.down
    drop_table :phones
  end
end

E0401380=====================================================================
S0401400=====================================================================

cd /var/apps/contacts
rake db:migrate

E0401400=====================================================================
S0401450=====================================================================

mysql -P 8116 -u root -p contacts_development <<%
show create table phones;
select * from phones;
\q
%
PW4root
# I got no output from the select because the table exists but is empty

E0401450=====================================================================
S0401500=====================================================================

cd /var/apps/contacts
ruby script/server -p 8119 &
# I got:
# => Booting WEBrick...
# => Rails application started on http://0.0.0.0:8119
# => Ctrl-C to shutdown server; call with --help for options
# [2008-05-31 12:16:11] INFO  WEBrick 1.3.1
# [2008-05-31 12:16:11] INFO  ruby 1.8.5 (2006-08-25) [i486-linux]
# [2008-05-31 12:16:11] INFO  WEBrick::HTTPServer#start: pid=28586 port=8119

E0401500=====================================================================
S0401600=====================================================================

ps -ef | grep ruby

E0401600=====================================================================
S0401650=====================================================================

kill -KILL PPP

E0401650=====================================================================
S0401700=====================================================================

http://www.abcd.ox.ac.uk:8119/phones

E0401700=====================================================================
S0401800=====================================================================

http://www.abcd.ox.ac.uk:8119/phones/new

E0401800=====================================================================
S0401900=====================================================================

http://www.abcd.ox.ac.uk:8119/phones/1

E0401900=====================================================================
S0402000=====================================================================

http://www.abcd.ox.ac.uk:8119/phones/1/edit

E0402000=====================================================================
S0500100=====================================================================

class PhonesController < ApplicationController
  def index
    @phones = Phone.find(:all)
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @phones }
    end
  end
  ...
end

E0500100=====================================================================
S0500200=====================================================================

<h1>Listing phones</h1>
<table>
  <tr>
    <th>Name</th>
    <th>Number</th>
  </tr>
<% for phone in @phones %>
  <tr>
    <td><%=h phone.name %></td>
    <td><%=h phone.number %></td>
    <td><%= link_to 'Show', phone %></td>
    <td><%= link_to 'Edit', edit_phone_path(phone) %></td>
    <td><%= link_to 'Destroy', phone, 
                               :confirm => 'Are you sure?', 
                               :method => :delete %></td>
  </tr>
<% end %>
</table>
<br />
<%= link_to 'New phone', new_phone_path %>

E0500200=====================================================================
S0600010=====================================================================

mkdir -p /var/apps
cd /var/apps
rails -d mysql jabs

E0600010=====================================================================
S0600020=====================================================================

cd /var/apps/jabs/config
cat database.yml
cat >database.yml <<%
development:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: jabs_development
  username: ruby
  password: PW4ruby

# Warning: The database defined as 'test' will be erased and
# re-generated from your development database when you run 'rake'.
# Do not set this db to the same as development or production.
test:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: jabs_test
  username: ruby
  password: PW4ruby

production:
  adapter: mysql
  port: 8116
  encoding: utf8
  database: jabs_production
  username: ruby
  password: PW4ruby

%

E0600020=====================================================================
S0600030=====================================================================

mysql -P 8116 -u root -p mysql <<%
grant all privileges on jabs_development.* \
          to ruby@localhost identified by 'PW4ruby';
grant all privileges on jabs_production.* \
          to ruby@localhost identified by 'PW4ruby';
grant all privileges on jabs_test.* \
          to ruby@localhost identified by 'PW4ruby';
flush privileges;
\q
%
PW4root

E0600030=====================================================================
S0600100=====================================================================

cd /var/apps/jabs
rake db:create:all

E0600100=====================================================================
S0600200=====================================================================

cd /var/apps/jabs
ruby script/generate scaffold Course \
       gpmap:string \
       length:decimal \
       route_summary:string \
       route_description:text

E0600200=====================================================================
S0600250=====================================================================

cd /var/apps/jabs/db/migrate
cat *_create_courses.rb
cat >*_create_courses.rb <<%
class CreateCourses < ActiveRecord::Migration
  def self.up
    create_table :courses do |t|
      t.string :gpmap
      t.decimal :length, :precision => 4, :scale => 2
      t.string :route_summary
      t.text :route_description

      t.timestamps
    end
  end

  def self.down
    drop_table :courses
  end
end
%

cd /var/apps/jabs
rake db:migrate

mysql -P 8116 -u root -p jabs_development <<%
show create table courses;
select * from courses;
\q
%
PW4root
# I got no output from the select because the table exists but is empty

E0600250=====================================================================
S0600300=====================================================================

cd /var/apps/jabs
ruby script/server -p 8119 &
ps -ef | grep ruby

http://www.abcd.ox.ac.uk:8119/courses

E0600300=====================================================================
S0600400=====================================================================

ruby script/generate scaffold Event \
       date:date \
       minutes:integer \
       seconds:integer \
       forwards:boolean \
       course_id:integer

E0600400=====================================================================
S0600500=====================================================================

cd /var/apps/jabs/db/migrate
cat *_create_events.rb
cat >*_create_events.rb <<%
class CreateEvents < ActiveRecord::Migration
  def self.up
    create_table :events do |t|
      t.date :date
      t.integer :minutes
      t.integer :seconds
      t.boolean :forwards
      t.integer :course_id, :null => false

      t.timestamps
    end
    execute "alter table events add constraint fk_event_courses
        foreign key (course_id) references courses(id)"
  end

  def self.down
    drop_table :events
  end
end
%

E0600500=====================================================================
S0600550=====================================================================

cd /var/apps/jabs
cat app/models/course.rb 
cat >app/models/course.rb <<%
class Course < ActiveRecord::Base
  has_many :events
end
%

cat app/models/event.rb 
cat >app/models/event.rb <<%
class Event < ActiveRecord::Base
  belongs_to :course
end
%

E0600550=====================================================================
S0600570=====================================================================

cd /var/apps/jabs
rake db:migrate

mysql -P 8116 -u root -p jabs_development <<%
show create table events;
select * from events;
\q
%
PW4root
# This showed the foreign key but there was no output 
# from the select because the table exists but is empty

E0600570=====================================================================
S0600600=====================================================================

ps -ef | grep ruby
kill -KILL PPP
cd /var/apps/jabs
ruby script/server -p 8119 &
ps -ef | grep ruby

http://www.abcd.ox.ac.uk:8119/events

E0600600=====================================================================
S0600650=====================================================================

ed app/controllers/events_controller.rb <<%
/def new/a
    @courses = 
      Course.find(:all, 
        :order => "length desc, route_summary").map do |c|
          [c.length.to_s + " " + c.route_summary, c.id]
        end
.
w
q
%

ed app/views/events/new.html.erb <<'%'
g/f.text_field :course_id/s//f.select(:course_id, @courses)/gp
w
q
%

E0600650=====================================================================
S0600655=====================================================================

http://www.abcd.ox.ac.uk:8119/events

E0600655=====================================================================
S0600700=====================================================================

ruby script/generate scaffold Person \
       code:string \
       firstname:string \
       lastname:string

E0600700=====================================================================
S0600800=====================================================================

cd /var/apps/jabs/db/migrate
cat *_create_people.rb

cd /var/apps/jabs
rake db:migrate

mysql -P 8116 -u root -p jabs_development <<%
show create table people;
select * from people;
\q
%
PW4root
# This showed no output from select 'cos table exists but is empty

E0600800=====================================================================
S0600900=====================================================================

ps -ef | grep ruby
kill -KILL PPP
cd /var/apps/jabs
ruby script/server -p 8119 &
ps -ef | grep ruby

http://www.abcd.ox.ac.uk:8119/people

E0600900=====================================================================
S0601000=====================================================================

ruby script/generate scaffold Runner \
       event_id:integer \
       person_id:integer

E0601000=====================================================================
S0601100=====================================================================

cd /var/apps/jabs/db/migrate
cat *_create_runners.rb
cat >*_create_runners.rb <<%
class CreateRunners < ActiveRecord::Migration
  def self.up
    create_table :runners do |t|
      t.integer :event_id, :null => false
      t.integer :person_id, :null => false

      t.timestamps
    end
    execute "alter table runners add constraint fk_runner_events
               foreign key (event_id) references events(id)"
    execute "alter table runners add constraint fk_runner_people
               foreign key (person_id) references people(id)"
  end

  def self.down
    drop_table :runners
  end
end
%

cd /var/apps/jabs
cat app/models/event.rb 
cat >app/models/event.rb <<%
class Event < ActiveRecord::Base
  belongs_to :course
  has_many :runners
end
%

cat app/models/person.rb 
cat >app/models/person.rb <<%
class Person < ActiveRecord::Base
  has_many :runners
end
%

cat app/models/runner.rb 
cat >app/models/runner.rb <<%
class Runner < ActiveRecord::Base
  belongs_to :event
  belongs_to :person
end
%

cd /var/apps/jabs
rake db:migrate

mysql -P 8116 -u root -p jabs_development <<%
show create table runners;
select * from runners;
\q
%
PW4root
# This showed the foreign keys but no output 
# from the select because the table exists but is empty

E0601100=====================================================================
S0601200=====================================================================

ps -ef | grep ruby
kill -KILL PPP
cd /var/apps/jabs
ruby script/server -p 8119 &
ps -ef | grep ruby

http://www.abcd.ox.ac.uk:8119/runners

ed app/controllers/runners_controller.rb <<%
/def new/a
    @events = Event.find(:all).map do |e|
                [e.date.to_s + " " + e.course.length.to_s + 
                               " " + e.course.route_summary, e.id]
              end
    @people = Person.find(:all).map do |p|
                [p.firstname + " " + p.lastname, p.id]
              end
.
w
q
%

ed app/views/runners/new.html.erb <<'%'
g/f.text_field :event_id/s//f.select(:event_id, @events)/gp
g/f.text_field :person_id/s//f.select(:person_id, @people)/gp
w
q
%

http://www.abcd.ox.ac.uk:8119/runners

E0601200=====================================================================
S0700200=====================================================================

# Apache fails to start if port 80 is already in use
apt-get install apache2-mpm-prefork apache2-prefork-dev 

# arrange for Apache to start when rebooted
ed /etc/default/apache2 <<'%'
g/NO_START=1/s//NO_START=0/gp
w
q
%
# listen on ports 8110 and 8113 rather than 80 (and 443)
ed /etc/apache2/ports.conf <<'%'
g/80/s//8110/gp
1a
Listen 8113
.
w
q
%
/etc/init.d/apache2 stop # this might fail
/etc/init.d/apache2 start


E0700200=====================================================================
S0700250=====================================================================

cat >/var/www/hello.html <<%
<html>
  <body>
    <p>hello</p>
  </body>
</html>
%

http://www.abcd.ox.ac.uk:8110/hello.html

rm /var/www/hello.html

E0700250=====================================================================
S0700300=====================================================================

apt-get install ruby1.8-dev
gem install passenger

E0700300=====================================================================
S0700350=====================================================================

passenger-install-apache2-module

E0700350=====================================================================
S0700400=====================================================================

cd /etc/apache2/mods-available
cat >passenger.conf <<%
RailsSpawnServer \
 /usr/lib/ruby/gems/1.8/gems/passenger-1.0.5/bin/passenger-spawn-server
RailsRuby /usr/bin/ruby1.8
RailsEnv development
%
cat >passenger.load <<%
LoadModule passenger_module \
 /usr/lib/ruby/gems/1.8/gems/passenger-1.0.5/ext/apache2/mod_passenger.so
%

E0700400=====================================================================
S0700500=====================================================================

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/passenger.conf .
ln -s /etc/apache2/mods-available/passenger.load .


E0700500=====================================================================
S0700600=====================================================================

mkdir -p /var/www/apps
ln -s /var/apps/contacts/public /var/www/apps/contacts

E0700600=====================================================================
S0700700=====================================================================

cd /etc/apache2/sites-available
ed default <<'%'
$i
    RailsAutoDetect off
    RailsBaseURI /apps/contacts

.
w
y
%

E0700700=====================================================================
S0700800=====================================================================

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

E0700800=====================================================================
S0700900=====================================================================

http://www.abcd.ox.ac.uk:8110/apps/contacts/phones

E0700900=====================================================================
S0800100=====================================================================

mkdir -p /etc/apache2/ssl
apt-get install ssl-cert
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf \
                        /etc/apache2/ssl/apache.pem
GB
Oxfordshire
Oxford
University of Oxford
The ABCD Department
www.abcd.ox.ac.uk
pat.lee@abcd.ox.ac.uk

ls -lrt /etc/apache2/ssl/apache.pem

E0800100=====================================================================
S0800200=====================================================================

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf .
ln -s /etc/apache2/mods-available/ssl.load .

E0800200=====================================================================
S0800300=====================================================================

cd /etc/apache2/sites-available
cp -p default ssl
ed ssl <<'%'
g/^NameVirtualHost \*/s//NameVirtualHost *:8113/p
g/^<VirtualHost \*>/s//<VirtualHost *:8113>/p
$i
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem

.
w
q
%

E0800300=====================================================================
S0800350=====================================================================

NameVirtualHost *:8113
<VirtualHost *:8113>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
...	
    RailsAutoDetect off
    RailsBaseURI /apps/contacts

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

E0800350=====================================================================
S0800400=====================================================================

cd /etc/apache2/sites-enabled
ln -s /etc/apache2/sites-available/ssl 000-ssl

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

https://www.abcd.ox.ac.uk:8113/apps/contacts/phones
http://www.abcd.ox.ac.uk:8110/apps/contacts/phones

E0800400=====================================================================
S0800500=====================================================================

cd /etc/apache2/sites-available
ed default <<'%'
g;RailsBaseURI /apps/contacts;d
$i
    <Location "/contacts/">
        Order deny,allow
        Deny from all
    </Location>

.
w
q
%

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

https://www.abcd.ox.ac.uk:8113/apps/contacts/phones
http://www.abcd.ox.ac.uk:8110/apps/contacts/phones

E0800500=====================================================================
S0800600=====================================================================

cd /var/apps/contacts
ed app/controllers/phones_controller.rb <<%
/class PhonesCon/a
  before_filter :authenticate, :except => [ :index ]

.
/^end/i

  private

  def authenticate
    authenticate_or_request_with_http_basic do |user, pass|
      user=="UN4login" && pass=="PW4login"
    end
  end
.
w
q
%

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

E0800600=====================================================================
S0800605=====================================================================

https://www.abcd.ox.ac.uk:8113/apps/contacts/phones
https://www.abcd.ox.ac.uk:8113/apps/contacts/phones/new

E0800605=====================================================================
S1000050=====================================================================

cd /var/apps/contacts
ed app/controllers/phones_controller.rb <<'%'
/class PhonesController/a
  skip_before_filter :verify_authenticity_token
.
w
q
%

E1000050=====================================================================
S1000100=====================================================================

curl \
  -k \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones.xml

E1000100=====================================================================
S1000200=====================================================================

curl \
  -k \
  -u UN4login:PW4login \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones/2.xml

E1000200=====================================================================
S1000300=====================================================================

curl \
  -k \
  -d '_method=delete' \
  -u UN4login:PW4login \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones/2.xml
curl \
  -k \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones.xml

E1000300=====================================================================
S1000400=====================================================================

curl \
  -k \
  -d "phone[name]=lisa" \
  -d "phone[number]=23456" \
  -u UN4login:PW4login \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones.xml
curl \
  -k \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones.xml

E1000400=====================================================================
S1000500=====================================================================

curl \
  -k \
  -d '_method=put' \
  -d 'phone[name]=dave' \
  -d 'phone[number]=12345' \
  -u UN4login:PW4login \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones/3.xml
curl \
  -k \
  https://www.abcd.ox.ac.uk:8113/apps/contacts/phones.xml

E1000500=====================================================================
S1200020=====================================================================

apt-get install libapache2-webauth

E1200020=====================================================================
S1200030=====================================================================

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/webauth.conf .
ln -s /etc/apache2/mods-available/webauth.load .

E1200030=====================================================================
S1200040=====================================================================

ps -ef | grep ntp

E1200040=====================================================================
S1200050=====================================================================

cat >/etc/krb5.conf <<'%'
[libdefaults]
        default_realm = OX.AC.UK

[realms]
OX.AC.UK = {
        kdc = kdc0.ox.ac.uk
        kdc = kdc1.ox.ac.uk
        kdc = kdc2.ox.ac.uk
        admin_server = kdc-admin.ox.ac.uk
}

[domain_realm]
        .ox.ac.uk = OX.AC.UK
        ox.ac.uk = OX.AC.UK
%

E1200050=====================================================================
S1200060=====================================================================

apt-get install krb5-user

mkdir /etc/apache2/webauth
kadmin -p abcd0001/itss \
-q "ktadd -k /etc/apache2/webauth/keytab "\
" webauth/www.abcd.ox.ac.uk"
ZZZ

cd /etc/apache2/webauth
chown root:www-data keytab
chmod 640 keytab

E1200060=====================================================================
S1200070=====================================================================

cd /etc/apache2/mods-available
cat >webauth.conf <<'%'
# Set locations for various files used by mod_webauth
WebAuthKeyring webauth/keyring
WebAuthKeytab  webauth/keytab
WebAuthServiceTokenCache webauth/service_token_cache
WebAuthCredCacheDir webauth/cred_cache
# Point to the Oxford Webauth service
WebAuthLoginURL https://webauth.ox.ac.uk/login
WebAuthWebKdcURL https://webauth.ox.ac.uk:8443/webkdc-service/
WebAuthWebKdcPrincipal service/webkdc@OX.AC.UK
# If you're having trouble switch on debugging
WebAuthDebug on
%

E1200070=====================================================================
S1200080=====================================================================

cd /etc/apache2/sites-available
ed ssl <<'%'
$i
    <Location /restricted>
      WebAuthExtraRedirect on
      AuthType WebAuth
      require valid-user
    </Location>

.
w
q
%

E1200080=====================================================================
S1200083=====================================================================

apt-get install libapache2-mod-php5 php5-mcrypt

E1200083=====================================================================
S1200085=====================================================================

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

mkdir /var/www/restricted
echo '<?php phpinfo(); ?>' >/var/www/restricted/phpinfo.php
https://www.abcd.ox.ac.uk:8113/restricted/phpinfo.php
rm /var/www/restricted/phpinfo.php

E1200085=====================================================================
S1200090=====================================================================

cd /var/www/restricted
cat >rails.php <<'%'
<?php
   // thanks to:
   // http://jnylund.typepad.com/joels_blog/2007/11/cross-language-.html
   $key = "73267XtGjmQpsAzx";
   $username = $_SERVER['REMOTE_USER'];
   $url = $_GET["url"];
   $date = date("c");
   $input_string = 
         substr($date . $username . '                       ', 0, 48);
   $cipher_alg = MCRYPT_RIJNDAEL_128;
   $b64Encoded = "";
   for ($chunk_number = 0; $chunk_number < 3; $chunk_number++) {
      $chunk = substr($input_string, $chunk_number*16, 16);
      $encrypted_string =
            @mcrypt_encrypt($cipher_alg, $key, $chunk, MCRYPT_MODE_CBC);
      $b64Encoded .= base64_encode($encrypted_string);
   }
   header('Location: ' . $url . '?id=' . urlencode($b64Encoded));
?>
%

E1200090=====================================================================
S1200095=====================================================================

cd /var/apps/contacts
rake db:sessions:create
cd /var/apps/contacts/db/migrate
cat *_create_sessions.rb
cd /var/apps/contacts
rake db:migrate

ed config/environment.rb <<%
g/# config.action_controller.session_store/s/# //p
w
q
%

ed app/controllers/application.rb <<%
/protect_from_forgery/s/#//p
w
q
%

E1200095=====================================================================
S1200100=====================================================================

cd /var/apps/contacts
head -12 config/routes.rb
ed config/routes.rb <<'%'
g/map.resources :phones/s/$/, :collection => { :login => :get }/p
w
q
%
head -12 config/routes.rb

E1200100=====================================================================
S1200150=====================================================================

cd /var/apps/contacts
ed app/controllers/phones_controller.rb <<'%'
g/ *before_filter/d
1a
  before_filter :authenticate, :except => [ :index, :login ]
.
w
q
%

E1200150=====================================================================
S1200200=====================================================================

cd /var/apps/contacts
ed app/controllers/phones_controller.rb <<'%'
/^ *private/,$-1d
w
q
%
ed app/controllers/phones_controller.rb <<'%'
/^  def login/-1
.,/^  end/d
w
q
%
ed app/controllers/phones_controller.rb <<'%'
$i

  def login
    valid_usernames = ["abcd0001"]
    max_diff_seconds = 10
    if login_is_OK(valid_usernames, max_diff_seconds)
      session[:user_id] = "OK"
    else
      session[:user_id] = "BAD"
    end
    respond_to do |format|
      format.html # login.rhtml
    end
  end

  private

  def login_is_OK(usernames, max_diff_seconds)
    require 'crypt/rijndael'
    key = '73267XtGjmQpsAzx'
    rijndael = Crypt::Rijndael.new(key, 128, 128)
    b64in = params[:id][ 0..23]
    bbyte = Base64.decode64(b64in)
    decoded_parameter = rijndael.decrypt_block(bbyte)
    b64in = params[:id][24..47]
    bbyte = Base64.decode64(b64in)
    decoded_parameter += rijndael.decrypt_block(bbyte)
    b64in = params[:id][48..71]
    bbyte = Base64.decode64(b64in)
    decoded_parameter += rijndael.decrypt_block(bbyte)
    datetime_string = decoded_parameter[0..24]
    username = decoded_parameter[25..-1].strip
    require 'parsedate'
    datetime_array = ParseDate.parsedate(datetime_string)
    datetime_timestamp = Time.local(*datetime_array) 
    now_timestamp = Time.now()
    diff_seconds = now_timestamp.to_i - datetime_timestamp.to_i
    return diff_seconds>=0 && diff_seconds<=max_diff_seconds &&
                              usernames.include?(username)
  end

  def authenticate
    if session[:user_id] == "OK"
      true
    else
      render :nothing => true, :status => 401
    end
  end
.
w
q
%

E1200200=====================================================================
S1200300=====================================================================

cd /var/apps/contacts
cat > app/views/phones/login.html.erb <<'%'
<h1><%= session[:user_id] %></h1>
<%= link_to 'Back', phones_path %>
%

E1200300=====================================================================
S1200500=====================================================================

gem install crypt

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

https://www.abcd.ox.ac.uk:8113/restricted/rails.php
 ?url=https://www.abcd.ox.ac.uk:8113/apps/contacts/phones/login

E1200500=====================================================================
S1200550=====================================================================

https://www.abcd.ox.ac.uk/abcd0001_html/restricted/rails.php?url=https://www.abcd.ox.ac.uk/apps/contactswa/phones/login

E1200550=====================================================================
S1405010=====================================================================

http://localhost:3000/phones/search/*row*

E1405010=====================================================================
S1405020=====================================================================

map.resources :phones

E1405020=====================================================================
S1405030=====================================================================

map.resources :phones, :collection => hash1, :member => hash2

E1405030=====================================================================
S1405040=====================================================================

map.resources :phones, :collection => { :search => :get }

E1405040=====================================================================
S1405100=====================================================================

cd /var/apps/contacts
head -12 config/routes.rb
ed config/routes.rb <<'%'
g/map.resources :phones/s/$/, :collection => { :search => :get }/p
w
q
%
head -12 config/routes.rb

E1405100=====================================================================
S1405200=====================================================================

cd /var/apps/contacts
ed app/controllers/phones_controller.rb <<'%'
$i

  def search
    pattern = params[:id].gsub(/\*/, "%")
    @phones = Phone.find(:all,
                         :conditions => ["name like ?", pattern],
                         :order      => "name ASC"
                        )

    respond_to do |format|
      format.html # search.html.erb
      format.xml  { render :xml => @phones }
    end
  end

.
w
q
%

E1405200=====================================================================
S1405300=====================================================================

cd /var/apps/contacts
ed app/views/phones/index.html.erb <<'%'
g/<h1>/s;.*;<h1>Result of searching for phones</h1>;p
w app/views/phones/search.html.erb
q
%

E1405300=====================================================================
S1405400=====================================================================

http://localhost:3000/phones/search/*own

E1405400=====================================================================
S1405450=====================================================================

http://localhost:3000/phones/search/br*

E1405450=====================================================================
S9903900=====================================================================

TO REMOVE:
OUTSIDE sudo chroot /var/chroots/rails-chroot
ps -ef | grep ruby
kill -KILL pid
/etc/init.d/mysql stop
exit

sudo umount /var/chroots/rails-chroot/proc
sudo rm -r /var/chroots/rails-chroot