Today I needed to password-protect a Redmine installation. I’ve typically used mod_auth_mysql for similar projects, but Redmine uses a salted password format that’s incompatible with mod_auth_mysql. So, I turned to Apache/Perl authentication, a first for me (I rarely touch Perl) and was able to make it work.

1. Install mod_perl, and the DBI, MySQL, and Digest (SHA1) Perl modules.

   $ apt-get install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl
   

2. Copy Redmine.pm to the appropriate Perl location.

   $ cd /path/to/redmine
   $ mkdir -p /usr/lib/perl5/Apache/Authn
   $ cp extra/svn/Redmine.pm /usr/lib/perl5/Apache/Authn/
   

3. Perhaps I’m not using Redmine’s projects/members/permissions correctly, but I had to patch Redmine.pm to get it to work for me. I greatly simplified the SQL statement used to authenticate a user. There’s no sense of permissions; it’s simply a yes/no for authenticated users.

   --- Redmine.pm	2011-11-12 17:33:10.000000000 -0700
   +++ Redmine.richardkmiller.pm	2011-11-12 17:37:26.000000000 -0700
   @@ -148,16 +148,11 @@
      my ($self, $parms, $arg) = @_;
      $self->{RedmineDSN} = $arg;
      my $query = "SELECT
   -                 hashed_password, salt, auth_source_id, permissions
   -              FROM members, projects, users, roles, member_roles
   +                 hashed_password, salt
   +              FROM users
                  WHERE
   -                projects.id=members.project_id
   -                AND member_roles.member_id=members.id
   -                AND users.id=members.user_id
   -                AND roles.id=member_roles.role_id
   -                AND users.status=1
   -                AND login=?
   -                AND identifier=? ";
   +                    users.status=1
   +                AND login=?";
      $self->{RedmineQuery} = trim($query);
    }
   
   @@ -336,11 +331,12 @@
      }
      my $query = $cfg->{RedmineQuery};
      my $sth = $dbh->prepare($query);
   -  $sth->execute($redmine_user, $project_id);
   +  $sth->execute($redmine_user);
   
      my $ret;
   -  while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
   -
   +  while (my ($hashed_password, $salt) = $sth->fetchrow_array) {
   +      my $permissions = ":commit_access";
   +      my $auth_source_id = 0;
          unless ($auth_source_id) {
    	  			my $method = $r->method;
              my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
   

4. Configure and restart Apache.

   <virtualhost *:80>
       ServerName example.com
       DocumentRoot "/var/www/sites/example.com/public"
       RailsEnv production
   
       PerlLoadModule Apache::Authn::Redmine
   
       <directory "/var/www/sites/example.com/public">
           AuthType basic
           AuthName "Private Area"
           Require valid-user
           PerlAccessHandler Apache::Authn::Redmine::access_handler
           PerlAuthenHandler Apache::Authn::Redmine::authen_handler
           RedmineDSN "DBI:mysql:database=my_database;host=localhost"
           RedmineDbUser my_db_user
           RedmineDbPass my_db_password
       </directory>
   </virtualhost>
   

By the way, I’m running Ubuntu 11.10 (oneiric), Apache 2.2, MySQL 5.1, and Redmine 1.2.2.

This will be the most technical of my posts in the Amtrak series, but it’s not just for computer geeks so stay with me. Here we go.

Ruby on Rails is a “web application framework”, a way for programmers to make web applications more easily and more quickly (and more enjoyably, as its creators would be quick to point out.) It was created by 37signals, the makers of Basecamp and other fine web apps, and has been one of the fastest growing programming environments of the last couple years. “Ruby” is the programming language and “Rails” is the set of additions that make it “fast” and “easy,” like a high-speed train. (Not a sight-seeing Amtrak.)

You probably see where this is going. As an exercise in literalness, I though it would be interesting to do a little Ruby on Rails programming while on the train, or in other words, Ruby on Rails on Rails. (Mitch Hedberg said “I’d like to see a forklift lift a crate of forks. It’d be so…literal. ‘Hey, you’re using that machine for its exact purpose!’”) See the pictures.

I have not delved into Rails as much as my local colleagues, but with the little I’ve used it, I’ve been impressed. By taking away the tedious parts of programming, it really does make programming more enjoyable. I know several good developers who prefer it.

Ruby on Rails enforces an architecture called “Model-View-Controller” (MVC), which is used heavily in Mac applications and well written web applications. Though not built on Rails, WordPress also uses an MVC architecture. If you have a WordPress blog, you know you can easily change the theme of your blog. This is thanks to the modular MVC architecture with which it was written.

Here’s where this applies to everyone: 37signals hasn’t only extracted Rails from their best programming practices, they’ve also extracted a book from their best business practices. I highly recommend Getting Real by 37signals, availably entirely for free on their website. They’ve given away their “cookbook” — what they’ve learned about marketing, project management, time management, hiring, agility, task prioritization, and more. I finished the book believing that small teams can do great things.

]]> http://richardkmiller.com/273/amtrak-series-ruby-on-rails-on-rails/feed 1