Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When failing to update over HTTPS, let the user update over HTTP #7429

Merged
merged 7 commits into from Mar 16, 2015
Merged

When failing to update over HTTPS, let the user update over HTTP #7429

merged 7 commits into from Mar 16, 2015

Conversation

mnapoli
Copy link
Contributor

@mnapoli mnapoli commented Mar 14, 2015

In #6441 we added support for updating over HTTPS but in some situations this will fail:

In every case except the first one the user has legitimate reasons to ignore the HTTPS error and update via HTTP.

To address that, the user will be shown this screen if downloading the archive over HTTPS fails:

Please note that if the system doesn't support HTTPS downloads, it will use HTTP automatically so this use case is not related to this PR.

Technical details:

  • it will show the screen for any error while downloading over HTTPS, e.g. timeout or whatever. This is because the error messages depend on the method used (curl, fopen…) and the OS/PHP version so it's impossible to know exactly what went wrong. That's why we mustn't assume there is a MITM attack and don't be too alarming in the error message. Feedback on the wordings welcome.
  • includes UI tests
  • I moved existing CoreUpdater UI tests from tests/UI to the plugin folder
  • to cover the scenario of HTTPS update with UI tests I had to do the following changes:
    • refactored the updater by extracting the code of the controller into a Updater class using dependency injection
    • added a way to provide DI configuration in test fixtures: I've extracted this commit into Test fixtures can set up DI config #7434 for easier code review and discussions.
    • for my use case, I mock the Updater and simulate that 1) there is a new version available, 2) updating over HTTPS fails, 3) updating over HTTP succeeds
  • unfortunately the Updater itself is not tested but it wasn't before anyway. To test it I would have to mock many things so I'm not even sure it would be very meaningful. Anyway it's too hard today because there are too many things that are static/not using DI.
  • unrelated but I improved the diffviewer a bit (pushed that to master)

FYI looking at the diff commit by commit would probably be easier to read. Also the first commit here belong to #7434, it's better to review it in the separate PR.

TODO before merging:

TODO after merging:

  • remove the screenshots that were moved in this plugin from the UI screenshots repository (1 and 2)

@mnapoli mnapoli added Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Needs Review PRs that need a code review labels Mar 14, 2015
@mnapoli mnapoli added this to the Piwik 2.12.0 milestone Mar 14, 2015
@mnapoli mnapoli mentioned this pull request Mar 14, 2015
Closed
@mnapoli
Copy link
Contributor Author

mnapoli commented Mar 14, 2015

Tests are now OK, the failing test is just a random failure: http://builds-artifacts.piwik.org/ui-tests.https-update/10924.7/screenshot-diffs/diffviewer.html

@mnapoli mnapoli mentioned this pull request Mar 15, 2015
Merged
@mnapoli
Copy link
Contributor Author

mnapoli commented Mar 15, 2015

I have extracted the "DI config in UI fixtures" commit into a separate pull request: #7434 That should allow an easier code review. #7434 Needs to be merged first.

@mattab
Copy link
Member

mattab commented Mar 16, 2015

Quick note about:

I moved existing CoreUpdater UI tests from tests/UI to the plugin folder

let's leave all "core plugins" screenshot tests in tests/UI/expected-screenshots (eg. in separate repo: https://github.com/piwik/piwik-ui-tests) - if we want to change it, let's open a new issue to discuss - but I suspect the piwik/piwik git repository size increase that would result, would be a blocker to making this change...

FYI why it's important:

  • moving only one core plugin tests to the plugin folder while all other tests are in the tests/UI adds some inconsistency.
  • the main reason we decided to leave the screenshot away from the main git repo piwik/piwik is because adding screenshots to the repo increases the size of the git repo significantly (especially when we start pushing new screenshots and history builds up). Unfortunately git repo size increase has a few disadvantages (slower CI builds, slower release process, slower deploy from git etc)

@mnapoli
Copy link
Contributor Author

mnapoli commented Mar 16, 2015

OK will do!

@mattab
Copy link
Member

mattab commented Mar 16, 2015

Very nice to see new UI tests for all these use cases 👍

PiwikUpdater_httpUpdateSuccess.png

The screenshot should maybe show the URL it is downloading from (the URL appears blank)

httpsUpdateFail

Let's see together the messaging and do small changes

Otherwise, looks good!

(we will need to test on production by releaseing b4 and then beta5 and testing upgrade from b4 to b5 using this new codebase)

@mnapoli
Copy link
Contributor Author

mnapoli commented Mar 16, 2015

I've moved the UI tests and the screenshots into the main tests directory (+ submodule).

The screenshot should maybe show the URL it is downloading from (the URL appears blank)

The URL is blank because the updater is mocked. If I show a URL here it will be a fake one so it could just confuse us in the future if the URL changes, that's why I'd rather leave it that way.

@mattab
Copy link
Member

mattab commented Mar 16, 2015

Final look and messaging looks good to me 👍 https://raw.githubusercontent.com/piwik/piwik-ui-tests/8fe69f4a0708df35348bf701be916ad87d3761e8/CoreUpdaterCode_httpsUpdateFail.png

Merging!

mattab pushed a commit that referenced this pull request Mar 16, 2015
Merge pull request #7429 from piwik/https-update
57d3e10 
When failing to update over HTTPS, let the user update over HTTP
@mattab mattab merged commit 57d3e10 into master Mar 16, 2015
@mnapoli mnapoli deleted the https-update branch March 16, 2015 04:57
@mattab mattab mentioned this pull request Mar 22, 2015
Merged
3 tasks
@mattab mattab added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label Mar 22, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
2.12.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mnapoli @mattab