Personal tools

Labs/Weave/User/1.0/Setup

From MozillaWiki

Jump to: navigation, search

Setting up Weave Sync

It is strongly recommended that you use the [Weave Minimal Server] rather than a full install.

Contents

Pre-Setup Considerations

It is strongly recommended that the Weave Registration Server be set up under https, or behind a firewall with an https proxy in front of it. It uses standard http auth (implemented in the code), which will send the password in the clear unless done over https.

The Weave Registration Server requires PHP with PDO, UTF8, mbstring, and JSON support installed. This should be the case if you are running PHP 5.1+. PDO will need drivers for whatever storage and authentications engines are used. Be sure to have locale en_US.utf8 (check with locale -a).

WebDav must not be enabled for this server - it intercepts some of the http packets and syncing will fail.

Setting up the Server

1) You can get the latest server from http://hg.mozilla.org/services/reg-server/

2) Edit your apache conf files to add the following:

Alias /user/1.0 <full path to weave directory>/weaveserver-registration/1.0/index.php
Alias /user/1 <full path to weave directory>/weaveserver-registration/1.0/index.php

(the second one is just for backwards compatibility)

3) Copy weaveserver-registration/1.0/weave_user_constants.php.dist to weave_user_constants.php and edit it as described below.

Setting up Weave Authentication

In weave_user_constants.php

define('WEAVE_AUTH_ENGINE', '[mysql|mozilla]');

so for example

define('WEAVE_AUTH_ENGINE', 'mysql');

Mysql

Create the mysql database. Add the following tables:

create table users (
 id int(11) NOT NULL PRIMARY KEY auto_increment,
 username varchar(32),
 password_hash varbinary(128),
 email varbinary(64),
 status tinyint(4) default '1',
 alert text,
 reset varbinary(32) default null,
 reset_expiration datetime
) engine=InnoDB;

Constants:

define('WEAVE_MYSQL_AUTH_HOST', '<db host>');
define('WEAVE_MYSQL_AUTH_DB', '<db name>');
define('WEAVE_MYSQL_AUTH_USER', '<db username>');
define('WEAVE_MYSQL_AUTH_PASS', '<db password>');

(Note that you don't need to define the second set of constants if you are using the same db for reads and writes)

If you want to use the more secure SHA256 algorithm for hashing passwords, set

define('WEAVE_SHA_SALT', '<salt>'); 

if you have older users (pre SHA-availability), or want to fall back to md5:

define('WEAVE_MD5_FALLBACK', false);

You can create users directly in mysql with the following command:

insert into users (username, password_hash, status) values ('username', md5('password'), 1);

However, this requires you to either not use a salted SHA, or to have the ability to fallback to md5.

Captcha

If you wish to use a captcha for your account creation, you will need to get yourself a public key and private key from http://recaptcha.net/. Put those keys in the weave_user_constants.php file and change WEAVE_REGISTER_USE_CAPTCHA to 1. Note: The PHP mbstring extension is needed for captcha.

To serve up the captchas, use the

Alias /misc/1.0/captcha_html <full path to weave user directory>/weaveserver-registration/1.0/captcha.php 

Admin Access

If you want to be able to programmatically create and delete accounts, you will need to enable the secret for the machine and change it from null

if (!defined('WEAVE_REGISTER_ADMIN_SECRET')) { define('WEAVE_REGISTER_ADMIN_SECRET', null); }

this will enable you to pass a secret as an 'X-Weave-Secret' header that overrides captcha and auth requirements.

Editing the Client

In about:config, set extensions.weave.ServerUrl to https://servername/user