<div dir="ltr">Hi,<div>I started to implement the &quot;export&quot; feature :</div><div><br></div><div>- <a href="https://github.com/aerogear/aerogear-unifiedpush-server/pull/435">https://github.com/aerogear/aerogear-unifiedpush-server/pull/435</a></div><div><br></div><div>Also a really short screencast showing how it works : <a href="https://www.youtube.com/watch?v=HFXesTHh4PM&amp;feature=youtu.be">https://www.youtube.com/watch?v=HFXesTHh4PM&amp;feature=youtu.be</a></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 13, 2014 at 2:52 PM, Sebastien Blanc <span dir="ltr">&lt;<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Nov 12, 2014 at 12:36 PM, Sebastien Blanc <span dir="ltr">&lt;<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Wed, Nov 12, 2014 at 11:15 AM, Stefan Miklosovic <span dir="ltr">&lt;<a href="mailto:smikloso@redhat.com" target="_blank">smikloso@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div><p style="margin:0px">Hi,</p><p style="margin:0px"><br></p><p style="margin:0px">I have two comments. The first one is about JSON export of an Installation. 
You declare it is like this when it comes to categories:</p><p style="margin:0px"><br></p><p style="margin:0px">&quot;categories&quot; : [&quot;football&quot;, &quot;sport&quot;]</p><p style="margin:0px"><br></p><p style="margin:0px">However, with the current UPS of version 1.0.2, when you register some installation, it returns you this <a href="https://issues.jboss.org/browse/AGPUSH-1093" target="_blank">https://issues.jboss.org/browse/AGPUSH-1093</a></p><p style="margin:0px"><br></p><p style="margin:0px">This issue should be addressed and since exporting of installations more or less means to marshal them into JSON, you hit this issue for sure, so the model should be updated to return only an array of category names instead of its JSON representation.</p></div></div></div></blockquote></span><div>Ok good catch, I will keep this ticket in mind </div><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div><p style="margin:0px"><br></p><p style="margin:0px">The second comment is about security. I am begging you here from QA team to make it doable via REST and not (only) via UPS console because it simplifies tons of hacking around the code. 
Right now we are doing whole import by adding custom JAX-RS endpoints on top of UPS, we generate applications, variants and installations randomly as JSONs and send them to UPS to these batch endpoints and we are calling services to persist them.</p></div></div></div></blockquote></span><div>I know, for now you can access it through rest, but tbh I want to have the security expert feedback on this and if we decide it&#39;s too insecure we will have to change it </div></div></div></div></blockquote><div><br></div></span><div>So I have been thinking more on this and sorry Stefan, I think we will not allow export using basic auth, it&#39;s too insecure, just with variantId/variantSecret someone would be able to retrieve all the device tokens.</div><div><div class="h5"><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div><p style="margin:0px"><br></p><p style="margin:0px">You can find it here (1)</p><p style="margin:0px"><br></p><p style="margin:0px">In case this would be done via REST, it would be no-brainer and huge time saver for QA guys.</p><p style="margin:0px"><br></p><p style="margin:0px">(1) <a href="https://github.com/smiklosovic/aerogear-unifiedpush-server/commit/f7fe2f5f58a8882aa5a3362d07a208c37b0d4403" title="https://github.com/smiklosovic/aerogear-unifiedpush-server/commit/f7fe2f5f58a8882aa5a3362d07a208c37b0d4403" target="_blank"><span style="font-size:16.3636360168457px">https://github.com/smiklosovic/aerogear-unifiedpush-server/commit/f7fe2f5f58a8882aa5a3362d07a208c37b0d4403</span></a></p></div><div><br></div><div>Thanks</div><div><br></div><div><span name="x"></span>Stefan Miklosovic<br>Red Hat Brno - 
JBoss Mobile Platform<br><div><br></div>e-mail: <a href="mailto:smikloso@redhat.com" target="_blank">smikloso@redhat.com</a><br>irc: smikloso<span name="x"></span><br></div><div><br></div><hr><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div><div><div dir="ltr"><p style="margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px;margin-top:0px!important">Hi,</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">I would like to start a discussion around the import/export of installations in UPS. To track all the tasks, we have a ticket[1] also containing some sub-tasks.</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-scope" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Scope</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">For now we stick to installations, meaning we can import or export installations from a particular Variant. 
Import/Export for Variants will maybe come later but due to some security issues (mainly for iOS cert/passphrase) it&#39;s on hold.</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-import-service" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Import Service</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">That&#39;s an easy one ;) since the service already exists [2]. 
It&#39;s a REST service and it uses the VariantId/Secret combination to authenticate.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">Data format looks like :</p><pre style="font-family:Consolas,&#39;Liberation Mono&#39;,Menlo,Courier,monospace;font-size:13.600000381469727px;margin-top:0px;margin-bottom:16px;padding:16px;overflow:auto;line-height:1.45;background-color:rgb(247,247,247);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-wrap:normal;color:rgb(51,51,51)"><code style="font-family:Consolas,&#39;Liberation Mono&#39;,Menlo,Courier,monospace;padding:0px;margin:0px;background-color:transparent;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-break:normal;border:0px;display:inline;line-height:inherit;word-wrap:normal">[
   {
     &quot;deviceToken&quot; : &quot;someTokenString&quot;,
     &quot;deviceType&quot; : &quot;iPad&quot;,
     &quot;operatingSystem&quot; : &quot;iOS&quot;,
     &quot;osVersion&quot; : &quot;6.1.2&quot;,
     &quot;alias&quot; : &quot;someUsername or email adress...&quot;,
     &quot;categories&quot; : [&quot;football&quot;, &quot;sport&quot;]
   },
   {
     &quot;deviceToken&quot; : &quot;someOtherTokenString&quot;,
     ...
   },
   ...
 ]
</code></pre><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-export-service" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Export Service</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">Like import, it will use the variantId/secret combo to authenticate and retrieve the right variant to export the installations. The data structure format would of course look like the one used for import.</p><h3 style="margin-top:1em;margin-bottom:16px;line-height:1.43;font-size:1.5em;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-output-format" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Output format</h3><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">How should we provide the exported data ? I need your input here 1. Raw Json ? 2. Json file ? 3. 
Zip / tarball ?</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-ui" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>UI</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">UI should be a <em>nice to have</em></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">I would suggest to add 2 items (import and export) in the contextual menu that you can see in this screenshot :</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px"><a href="https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank"><img alt="" style="border:0px;max-width:100%" src="https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67"></a></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica 
Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">For import, the user will have a <code>file</code> input and feedback on how many installations were imported. For export, the user just has to press an <code>export</code> button</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-migration-issues" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Migration issues</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">So, that is a very important point that I would like to discuss. Even if we are able to import installations, the <strong>variantID</strong> and the <strong>variantSecret</strong> will not match with those that are in the Clients.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">Imagine the following scenario : I export 15000 installations, my datacenter burns, I create a new UPS instance, with a new Push App and a new Variant (so new VariantID and VariantSecret), then I import the installations. Well, my 15000 clients will point to the wrong variant. 
For sure, they can be updated but that might not always be an option.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">That is why I would like to suggest the following change : Make <strong>VariantId</strong> and <strong>VariantSecret</strong> editable, so after someone has done an import he can change the values of the variants so it matches the clients.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">I know we had this discussion before, but in the future we might want to change the naming around VariantId and VariantSecret, to me it sounds more like <strong>variantAPIKey</strong> / <strong>variantAPISecret</strong></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">wdyt ?</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif"><a name="149a96cfb3eb0b8a_149a3cab6fbb85f9_149a3807a78b59b9_user-content-security" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Security</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">As said before, 
import/export uses variantId/variantSecret to authenticate. So if someone has access to these keys he could make a malicious import of 500k installations. What should we do for that ? We could give this access only to authenticated &quot;console&quot; users but then it would be hard to expose import/export as rest service (because of KC implication)</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">Please comment, ask questions , be crazy ...</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">Sebi</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">[1] <a href="https://issues.jboss.org/browse/AGPUSH-978" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://issues.jboss.org/browse/AGPUSH-978</a></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:&#39;Helvetica Neue&#39;,Helvetica,&#39;Segoe UI&#39;,Arial,freesans,sans-serif;font-size:16px;line-height:20.479999542236328px">[2] <a href="http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html</a></p></div><br></div></div><span>_______________________________________________<br>aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" 
target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></span></blockquote><div><br></div></div></div><br></blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div>
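The outcome of the thread above (variantId/variantSecret over basic auth may import installations but must not export device tokens), sketched as an added example that is not UPS code and not part of the original mails. The variant store, `MAX_IMPORT_BATCH`, the `console_user` argument and all function names are assumptions made for illustration.

```python
import base64
import hmac
import json

# Constructed sample data; none of these values or names come from UPS.
VARIANTS = {"variant-123": "s3cret-abc"}  # variantId -> variantSecret
MAX_IMPORT_BATCH = 10_000                 # hypothetical cap on one import


def variant_from_basic_auth(header):
    """Return the variantId for a valid 'Basic id:secret' header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    variant_id, sep, secret = decoded.partition(":")
    expected = VARIANTS.get(variant_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison so response timing does not leak the secret.
    if not hmac.compare_digest(secret.encode(), expected.encode()):
        return None
    return variant_id


def authorize(action, basic_header=None, console_user=None):
    """Allow 'import' with variant credentials; 'export' only for a console user."""
    if action == "export":
        # The variant id/secret pair ships inside every client app, so it must
        # never be enough to read back all device tokens of the variant.
        return console_user is not None
    if action == "import":
        return (console_user is not None
                or variant_from_basic_auth(basic_header) is not None)
    return False


def validate_import(body):
    """Parse an import payload in the format shown in the thread.

    Returns the list of installations, or raises ValueError.
    """
    data = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, list):
        raise ValueError("payload must be a JSON array of installations")
    if len(data) > MAX_IMPORT_BATCH:
        raise ValueError("import batch exceeds MAX_IMPORT_BATCH")
    for item in data:
        if not isinstance(item, dict) or not isinstance(item.get("deviceToken"), str):
            raise ValueError("each installation needs a string deviceToken")
        categories = item.get("categories", [])
        if not (isinstance(categories, list)
                and all(isinstance(c, str) for c in categories)):
            raise ValueError("categories must be an array of category names")
    return data
```

The batch cap addresses the "malicious import of 500k installations" concern raised in the Security section, and the categories check enforces the plain array of names that the import format declares.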