Labs/Weave/User/1.0/Setup: Difference between revisions

← Older edit

Labs/Weave/User/1.0/Setup (view source)

Revision as of 18:35, 28 January 2011

108 bytes added , 28 January 2011

→‎Captcha

Anna.sobiepanek

130

edits

@@ Line 4: / Line 4: @@
 == Pre-Setup Considerations ==
-It is strongly recommended that the Weave User Server be set up under https, or behind a firewall with an https proxy in front of it. It uses standard http auth (implemented in the code), which will send the password in the clear unless done over https.
+It is strongly recommended that the Weave Registration Server be set up under https, or behind a firewall with an https proxy in front of it. It uses standard http auth (implemented in the code), which will send the password in the clear unless done over https.
-The Weave Server requires PHP with PDO and JSON support installed. This should be the case if you are running PHP 5.1+. PDO will need drivers for whatever storage and authentications engines are used.
+The Weave Registration Server requires PHP with PDO, UTF8, mbstring, and JSON support installed. This should be the case if you are running PHP 5.1+. PDO will need drivers for whatever storage and authentications engines are used. Be sure to have locale en_US.utf8 (check with locale -a).
 WebDav must not be enabled for this server - it intercepts some of the http packets and syncing will fail.
@@ Line 12: / Line 12: @@
 == Setting up the Server ==
-) You can get the latest server from http://hg.mozilla.org/labs/weaveserver (there you can download it in different formats). Once things are fully established, we'll declare certain builds as stable, but for now assume all releases are beta quality. Unzip it into your html tree.
+) You can get the latest server from http://hg.mozilla.org/services/reg-server/
 ) Edit your apache conf files to add the following:
 <pre>
-Alias /user/1 <full path to weave directory>/server/user/1/index.php
+Alias /user/1.0 <full path to weave directory>/weaveserver-registration/1.0/index.php
+Alias /user/1 <full path to weave directory>/weaveserver-registration/1.0/index.php
 </pre>
+(the second one is just for backwards compatibility)
-) Copy /server/user/1.0/weave_user_constants.php.dist to weave_user_constants.php and edit it as described below.
+) Copy weaveserver-registration/1.0/weave_user_constants.php.dist to weave_user_constants.php and edit it as described below.
 == Setting up Weave Authentication ==
@@ Line 26: / Line 28: @@
 In weave_user_constants.php
 <pre>
-define('WEAVE_AUTH_ENGINE', '[mysql|ldap|none]');
+define('WEAVE_AUTH_ENGINE', '[mysql|mozilla]');
 </pre>
@@ Line 40: / Line 42: @@
 <pre>
-CREATE TABLE `users` (
+create table users (
-  id int(11) NOT NULL PRIMARY KEY auto_increment,
+ id int(11) NOT NULL PRIMARY KEY auto_increment,
-  username varbinary(32) NOT NULL,
+ username varchar(32),
-  md5 varbinary(32) default NULL,
+ password_hash varbinary(128),
-  email varbinary(64) default NULL,
+ email varbinary(64),
-  location text,
+ status tinyint(4) default '1',
-  status tinyint(4) default '1',
+ alert text,
-  alert text
+ reset varbinary(32) default null,
-) ENGINE=InnoDB;</pre>
+ reset_expiration datetime
+) engine=InnoDB;</pre>
 Constants:
@@ Line 60: / Line 63: @@
 (Note that you don't need to define the second set of constants if you are using the same db for reads and writes)
+If you want to use the more secure SHA256 algorithm for hashing passwords, set
+<pre>
+define('WEAVE_SHA_SALT', '<salt>');
+</pre>
+if you have older users (pre SHA-availability), or want to fall back to md5:
+<pre>
+define('WEAVE_MD5_FALLBACK', false);
+</pre>
 You can create users directly in mysql with the following command:
 <pre>
-insert into users (username, md5, status) values ('username', md5('password'), 1);
+insert into users (username, password_hash, status) values ('username', md5('password'), 1);
 </pre>
-But it is recommended to use the create_user.pl script after setting up the admin-interface (see below).
+However, this requires you to either not use a salted SHA, or to have the ability to fallback to md5.
 == Captcha ==
-If you wish to use a captcha for your account creation, you will need to get yourself a public key and private key from http://recaptcha.net/. Put those keys in the weave_user_constants.php file and change WEAVE_REGISTER_USE_CAPTCHA to 1. Also copy /server/misc/1/weave_misc_constants.php.dist to weave_misc_constants.php and add your keys there as well.
+If you wish to use a captcha for your account creation, you will need to get yourself a public key and private key from http://recaptcha.net/. Put those keys in the weave_user_constants.php file and change WEAVE_REGISTER_USE_CAPTCHA to 1.
+Note: The PHP mbstring extension is needed for captcha.
 To serve up the captchas, use the
 <pre>
-Alias /misc/1.0/captcha_html <full path to weave user directory>/weave-registration/1.0/captcha.php
+Alias /misc/1.0/captcha_html <full path to weave user directory>/weaveserver-registration/1.0/captcha.php
 </pre>
@@ Line 86: / Line 102: @@
 this will enable you to pass a secret as an 'X-Weave-Secret' header that overrides captcha and auth requirements.
-Accounts can be created, passwords changed and accounts deleted through the create_user.pl script. Make sure to change the constants in the header to match your local install.
 ==Editing the Client==
 In about:config, set extensions.weave.ServerUrl to https://servername/user