The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2014-07-29

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:06 sri ok, really... that "blow me" made me reconsider...
00:06 sri i'm not going to reward that with an answer
00:18 woz joined #mojo
00:18 sri yay, i have a SOCKS test
00:19 firnsy sri++
00:20 sri https://gist.github.com/anonymous/e05a38a68715ad2113c0 # looks a bit funky
00:30 sri no trolling on my watch
00:30 sri except for the fun kind of trolling
00:30 sri i'm all for that
00:31 riche joined #mojo
00:53 woz joined #mojo
00:54 sri now it's just socks5 authentication, and then waiting for the new IO::Socket::Socks release
00:54 zivester joined #mojo
00:55 marty wow, that github guy has a bad attitude.  Must be blue balls :P
00:56 riche marty: it is a lot of hot air if he can't prove it
00:56 sri https://gist.github.com/anonymous/099e09043de3349eeeb6 # latest version
00:56 sri whole discussion is pointless
00:57 sri cpan is insecure, get over it
00:57 riche of course, it should infer piping to less before piping to sh if he has an issue w it
00:58 marty security theatre!!!  Everybody dance!
00:58 preaction /o/ \o\ /o/ \o\
00:59 sri \o\
00:59 marty ~o~
00:59 riche minions
00:59 preaction [o] ]o[
01:00 Averna joined #mojo
01:09 davido__ joined #mojo
01:13 laouji joined #mojo
01:16 riche sri u have a mac air, no?
01:29 woz joined #mojo
01:45 klapperl_ joined #mojo
01:48 jb360 joined #mojo
02:05 woz joined #mojo
02:11 cooper joined #mojo
02:12 preaction pursueant to today's excitement: someone posted a MITM attack involving JARs http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
02:18 noganex_ joined #mojo
02:30 riche preaction: it's a nice post ... highlights 'it pays to be secure' ... ouch bad pun
02:40 woz joined #mojo
03:15 woz joined #mojo
03:33 basic6 joined #mojo
03:50 hesco1 joined #mojo
03:51 woz joined #mojo
03:57 asarch joined #mojo
03:58 asarch Any one using HTML::FormHandler?
04:17 riche asarch: that's a 'no' from me
04:24 asarch :-(
04:24 asarch Thank you anyway :-)
04:27 woz joined #mojo
04:47 batman sri: +1 on socks support.
05:02 woz joined #mojo
05:23 riche 657 opens the issue du jour once again
05:25 preaction except in the third paragraph, OP says it isn't about that. it's about the productive discussion that was in 656
05:37 woz joined #mojo
05:46 * batman is tired. won't comment on 656 or 657.
05:46 batman will probably mess things up :/
05:46 riche the 656 'issue' was never about the OP content. it was the response to the OP's tone.
05:46 batman op?
05:46 purl i think op is pretty strictly defined
05:47 preaction Original Poster. a nice gender-neutral way of saying "the person who started the thread/issue/report/whathaveyou"
05:47 batman thanks
05:47 riche batman: as a project like this gets bigger, responses to people need to be more PC or else there will be a lot of negative community sentiment about Mojo
05:47 preaction no, purl, OP is the original poster of the thread, the one who started it all
05:47 purl okay, preaction.
05:49 batman i wonder what "they" think about go's import "github.com/user/project" ...
05:50 riche personally I would never pipe something to sh like that .. it gives me chills
05:51 batman but is it because you know how the two tools work or is it because you *know* that the `cpan` tool has some extra magic?
05:51 riche I think it's personal choice to be risk averse or not ... and if the individual doesn't know the risks involved, that's an education issue, not the project's
05:51 preaction nor i, but before today i basically trusted "cpan Mojolicious" to get me at least a checksummed archive
05:52 riche preaction: agreed
05:52 batman but you know it doesn't...?
05:52 preaction i know now
05:52 preaction but that doesn't change what i'm going to do
05:52 batman so now you get chills every time you do "cpan Mojolicious" as well..?
05:52 batman what are you going to do preaction?
05:53 riche lately I have gotten addicted to carton tho ...
05:53 marcus I think we should just provide https on get.mojolicio.us
05:53 preaction not pipe the results of an http request into bin/sh until i've seen what it is?
05:53 riche marcus: +1
05:53 purl 1
05:53 batman riche: what's better with carton?
05:53 batman preaction: ah.
05:53 batman marcus: i was thinking the same, and then serve cpanm directly from there.... but what good does it do?
05:53 preaction we could do the reductio ad absurdum all the way to "you better trust your compiler, because if your compiler is backdoored you'll never build safe software"
05:54 batman it will only silence the troll. it won't really solve anything.
05:54 batman preaction: not sure if i disagree :)
05:54 marcus batman: it prevents a very unlikely MITM attack
05:54 preaction you could also say "cpan Mojolicious", but that's just removing one layer of the rotten onion
05:55 preaction (in addition to the `wget get.mojolicio.us | sh` for the less paranoid)
05:55 riche sigh gotta go ... just when the channel started getting busy ... getting dark here and I'm on bike
05:55 batman marcus: hm... maybe if we serve cpanm over ssl and fetch the .tar.gz directly from github over ssl...
05:55 marcus batman: yeah, seems like an easy win.
05:55 batman preaction: that would be awful. "cpan" will scare people away. (it scares me)
05:55 marcus batman: we could get the contained cpanm from github over https too
05:56 batman cool. let's give it a try...
05:56 preaction but cpan is exactly what `wget ... | sh` does!
05:56 marcus Location: https://raw.githubusercontent.com/miyagawa/cpanminus/master/cpanm
05:56 preaction is just happens to not install the cpanm client used to download from cpan
05:59 batman this works like a charm: curl -s https://raw.githubusercontent.com/miyagawa/cpanminus/devel/cpanm | perl - https://github.com/kraih/mojo/archive/v5.21.tar.gz
05:59 batman the bad thing is that the URL need to be maintained
05:59 batman sri: maybe we could have a "latest" branch.
05:59 sujithm joined #mojo
05:59 batman marcus: guess we should change the installer for convos
06:00 marcus batman: yeah. convos.by provides https so that should be easy enough.
06:00 batman oh. wait a sec... why don't we use cpanm?
06:01 batman ah. because of carton?
06:01 marcus Yeah
06:01 marcus So just update the readme
06:01 batman right.
06:01 denis_boyun joined #mojo
06:03 batman marcus: can you register get.convos.by and make a redirect from "*" to "https://convos.by/install.sh" in cloudflare?
06:03 marcus batman: why?
06:03 marcus what does it gain us?
06:04 batman because it's shorter and easier to remember
06:04 tianon and trolls of your own!  if you build it, they will come :)
06:04 neyasov_____ joined #mojo
06:04 * marcus prepares the bridges
06:07 marcus https://www.evernote.com/shard/s22/sh/5fdf70f2-b2bb-46ab-af80-eaab11c4a238/d9d5ca75386d986cd3ced21b89834863/deep/0/Page-Rules-for-convos.by---CloudFlare---The-web-performance-&-security-company.png
06:08 ceej joined #mojo
06:08 preaction wasn't one of the concerns that it was a redirect?
06:12 woz joined #mojo
06:13 marcus preaction: why would that be a concern, when it's a redirect from https to https
06:13 preaction i don't know, it was in the ticket
06:18 batman preaction: no, they said http -> http -> http in the ticket
06:19 preaction "Why are you serving your code via two layers of redirects?" followed then by "Why are those redirects sent in the clear?", so i'm assuming that those are two unrelated concerns
06:19 batman clear = http
06:20 preaction yes. i know that.
06:20 laouji joined #mojo
06:30 ceej joined #mojo
06:31 Vandal joined #mojo
06:41 dod joined #mojo
06:49 woz joined #mojo
06:59 laouji joined #mojo
07:02 trone joined #mojo
07:18 arthas joined #mojo
07:19 sujithm joined #mojo
07:24 woz joined #mojo
07:24 riche joined #mojo
07:25 riche batman: all I meant by my carton comment earlier is in the last few weeks I have all but ditched cpan for carton
07:26 riche I've been stuck in old-school ways and trying to get 'modern' :p
07:29 batman :)
07:40 riche yah I'll just put it this way: mojo style was a big shift for me syntax wise, my last "big shift" being with 'object oriented perl' as put forward in advanced perl programming 1st ed
07:55 davido_ joined #mojo
08:00 woz joined #mojo
08:02 woz joined #mojo
08:04 rawler joined #mojo
08:09 basiliscos joined #mojo
08:13 sri batman: that comment you made was not good :(
08:13 batman can i fix it?
08:14 sri you don't ask things ina locked comment nobody can answer to, that's just rude
08:14 sri s/comment/thread/
08:14 batman what do you mean locked..?
08:14 * batman checks
08:14 riche only 'collaborators' can comment on it
08:15 batman crap. i didn't know that was possible :(
08:15 sri looks above your comment https://github.com/kraih/mojo/issues/656#issuecomment-50433885
08:15 batman i didn't see that in the iphone app
08:15 batman batman--
08:15 sri riche was just lucky and commented in a very very short window before i locked the thread
08:15 batman sorry
08:16 riche lol
08:16 riche yah I was wondering if it would get rejected
08:16 sri fix it then, edit/delete your comment and explain what happened in #657
08:17 riche I get security consultants who say stuff like that all the time, and I just say 'try it'
08:17 riche a lot of it is so hypothetical but it creates a anxiety filled environment for many
08:17 sri marcus: don't you remember what happened the last time we used HTTPS in the one-liner?
08:18 sri shit didn't work and people complained all the time
08:18 sri marcus: also, what MITM attack are you preventing?
08:18 sri CPAN IS INSECURE BY DESIGN
08:19 sri let me sum it up, you're not going to prevent anything
08:20 riche sri is right, and in the end it's the user's responsibility to trust or not to trust
08:20 batman could it be possible to provide a "more secure" way to do it: curl -s https://raw.githubusercontent.com/miyagawa/cpanminus/devel/cpanm | perl - https://github.com/kraih/mojo/archive/v5.21.tar.gz
08:20 batman riche: i agree.
08:22 sri batman: and then you need a dependency like Pod::Simple 3.09... and boom unsecure... MITM attack
08:22 sri it is not our responsibility to fix the CPAN toolchain
08:22 gatitskiy joined #mojo
08:24 sujithm_ joined #mojo
08:24 batman so my idea is just masking the inevitable issue?
08:25 davido_ joined #mojo
08:25 sri yes
08:26 sri the whole point is that the CPAN toolchain is insecure by design, whatever we put on top of it is just security theatre
08:26 sri those two redirects are a tiny attack vector
08:27 sri MITM is not a factor, the worth that could happen is that someone takes over cpanmin.us from marcus
08:27 sri s/worth/worst/
08:27 marcus or dns spoof it
08:27 marcus dns cache poisoning has happened to other things before
08:27 sri at that point you could spoof CPAN as well
08:27 marcus having said that, I find it unlikely.
08:28 marcus sri: Yes you could, but we could install directly from github over https
08:28 sri no we can't
08:28 sri we have dependencies
08:30 sri the optional ones and this new one on older Perl's, in case you missed it https://github.com/kraih/mojo/blob/master/Makefile.PL#L26
08:30 gatitskiy joined #mojo
08:31 sujithm joined #mojo
08:33 batman i wonder if the toolchain are thinking about this.
08:33 sri i doubt it, the solution is painful
08:34 batman also, does anyone know how golang does secure include from github? is it simply because it's forced ssl..?
08:35 batman painful? couldn't it be fixed with ssl..?
08:35 sri you have tomaintain CPAN infrastrucutre with up to date certificates, add IO::Socket::SSL and Net::SSLeay to core, maintain a list of trusted certificate authorities, and update all the CPAN clients
08:36 batman is the "IO::Socket::SSL and Net::SSLeay" part the most painful part?
08:36 batman trusted certificate authorities: couldn't that be done by using the system certs?
08:37 batman update cpan clients: yeah, they would have to use ssl..?
08:38 edestler joined #mojo
08:43 sri you also have to maintain your own certificate authority, or pay for new certs all the time
08:44 sri the perl community barely manages to keep the pause cert up to date
08:44 batman ok :/
08:45 gatitskiy joined #mojo
08:45 sri i totally believe perl core should be shipping IO::Socket::SSL, but i don't think it will happen
08:59 batman i'm thinking about making a Test::Mojo::Browser module (the name is not fixed). What it will do is to inject a websocket javascript snippet + jquery into the request sent to the browser. this can then allow the unit test to query the browser for if elements exist, listen to events and do similar things.
09:00 sri i brought the issue up in #toolchain btw
09:00 batman any thoughts?
09:00 batman sri++
09:01 batman the idea is to do something like this: my $t = Test::Mojo::Browser->new("MyApp"); $t->get_ok("/foo")->click_on("#selector")->element_exists("#some_new_element");
09:01 batman the example above won't work. it's just to illustrate the idea.
09:02 tomboh if IO::Socket::SSL were in core, would perl continue to support all the platforms it does today?  Would it bundle its own SSL implementation or expect the OS to provide one?
09:02 tomboh if it bundles its own SSL implementation, how do the porters react to new SSL vulnerabilities?
09:02 batman tomboh: happy (late) birthday :)
09:02 tomboh oh, thank you :)
09:05 batman you still look like a teenager ;)
09:05 batman you're welcome
09:06 tomboh heh, I feel sorry for any teenagers who look my age ;)
09:06 batman hahahaha
09:06 purl LOLCON 4 reached.
09:10 sujithm joined #mojo
09:19 sri tomboh: look at how other languages handle the problem
09:19 sri node.js is not too bad about ssl support in their toolchain
09:20 tomboh I haven't looked at node.js, thanks for the pointer
09:20 tomboh but I suspect its platform support isn't as wide as perl5's
09:22 KCL_ joined #mojo
09:24 sri not by a long shot
09:24 tomboh :)
09:41 basiliscos joined #mojo
09:43 odc that said, openssl is supposed to work everywhere
09:43 mire joined #mojo
09:43 rofl_ {boring,libre,open}ssl
09:44 odc yup
09:44 tomboh I bet your definition of "everywhere" doesn't cover all platforms in "echo README.*" in perl5.s source
09:45 odc it probably does afaik
09:45 odc that's why it was such a mess
09:45 odc is*
09:55 sri batman: re your https one-liner... it's a mojolicious app, so you could scrape the latest tag from cpan actually, no manual updating needed :)
09:59 ua joined #mojo
10:15 batman how can you do that, when mojo isn't installed yet..?
10:15 sri on the server, where the script comes from
10:15 batman aha. of course :)
10:17 good_news_everyon joined #mojo
10:17 good_news_everyon [mojo] kraih created socks (+1 new commit): http://git.io/L-HuHQ
10:17 good_news_everyon mojo/socks 82a7d45 Sebastian Riedel: added SOCKS5 support
10:17 good_news_everyon left #mojo
10:17 sri allright, good enough for a branch now
10:18 sri new IO::Socket::Socks is not out yet, so it only works with the github version
10:25 d4rkie_ joined #mojo
10:25 human39 joined #mojo
10:26 good_news_everyon joined #mojo
10:26 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/cBQ2LQ
10:26 good_news_everyon mojo/socks 8c209b4 Sebastian Riedel: no more barewords
10:26 good_news_everyon left #mojo
10:28 noganex_ mh... i've used under() and Mojolicious::Plugin::BasicAuthPlus in my startup method to get a basic http auth. once i entered the credentials in my browser it keeps using them. any idea how to implement something like a 'logout'?
10:30 sujithm joined #mojo
10:31 sri btw. one thing we could do, is use a more standard installation one-liner like "curl -L cpanmin.us | perl - -n Mojolicious"
10:31 poletti joined #mojo
10:31 sri i've actually suggested that before... but everybody voted -1
10:31 poletti hi all
10:31 sri o/
10:32 poletti quick questions on the docs for param()
10:32 poletti my ($foo, $bar) = $c->param(['foo', 'bar']);
10:33 poletti # The multi-name form can also be used to enforce scalar context
10:33 poletti my $hash = {foo => $c->param(['foo'])};
10:33 sri jberger, batman, marcus, tempire, crab: thoughts on a more standard one-liner?
10:33 ua1 joined #mojo
10:33 poletti so, for each item in the anonymous array, exactly one scalar array is generated?
10:34 poletti scalar array => anonymous array :)
10:34 batman sri: i would rather have the oneliner i suggested, than "curl -L cpanmin.us | perl - -n Mojolicious"
10:34 sri batman: i'd rather have no one-liner at all that yours :O
10:34 sri s/that/than/
10:35 batman even if it's masked in a script returned by "curl -L get.mojolicio.us | sh -" ?
10:36 sri the point of my one-liner is that it's standard, people can read docs and grok it
10:36 sri cpanminus docs actually explain http://cpanmin.us
10:36 sri you just want more security theatre
10:36 sri i'm very -1 on that
10:37 batman ok. it's still copy/paste-able, so i'm _not_ against it (curl -L cpanmin.us | perl - -n Mojolicious)
10:41 neyasov_____ joined #mojo
10:41 poletti uhm ok, it might be a scalar string or an array then
10:41 poletti (again, anonymous array)
10:44 good_news_everyon joined #mojo
10:44 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/CETM-g
10:44 good_news_everyon mojo/master f3ba3e1 Sebastian Riedel: the multi-name form does not actually enforce scalar context
10:44 good_news_everyon left #mojo
10:44 sri should have waited a minute longer
10:50 D4RK-PH0ENiX joined #mojo
10:55 suy joined #mojo
11:09 Kripton joined #mojo
11:10 fhelmber_ joined #mojo
11:10 d4rkie joined #mojo
11:19 gatitskiy joined #mojo
11:29 judofyr joined #mojo
11:35 ua joined #mojo
11:43 good_news_everyon joined #mojo
11:43 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/rjUiTA
11:43 good_news_everyon mojo/socks db93eb4 Sebastian Riedel: much more comprehensive SOCKS tests
11:43 good_news_everyon left #mojo
11:43 sri ok, now i'm happy, those tests cover *a lot* of ground \o/
11:44 sri in case anyone wants to review...
11:44 sri https://github.com/kraih/mojo/compare/socks
11:46 sujithm joined #mojo
11:47 marcus sri: does that really require -n ? I thought perl - Mojolicious worked
11:48 sri we want to be faster, don't we?
11:48 sri the current one-liner does not run tests either
11:48 sri pretty sure you voted for it
11:49 marcus oh right
11:50 good_news_everyon joined #mojo
11:50 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/F77y3g
11:50 good_news_everyon mojo/socks 21b9189 Sebastian Riedel: better port tests
11:50 good_news_everyon left #mojo
11:50 sri getting old, eh? ;p
11:52 marcus sri: First day back, I'm still on vacation
11:52 marcus in my mind
11:54 ceej joined #mojo
12:05 neyasov_____ joined #mojo
12:08 neyasov_____ joined #mojo
12:09 good_news_everyon joined #mojo
12:09 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/9HYmFQ
12:09 good_news_everyon mojo/socks ff1eab3 Sebastian Riedel: more diverse proxy examples
12:09 good_news_everyon left #mojo
12:10 batman sri: i don't understand socks, but from what i could understand i give +1
12:10 batman unittesting++ # t/mojo/user_agent_socks.t is pretty awesome
12:11 sri http://en.wikipedia.org/wiki/SOCKS
12:11 sri it is also the protocol used by Tor
12:11 purl okay, sri.
12:12 batman well, i do use socks all the time. all my laptop traffic goes through a socks tunnel to my home server...
12:12 batman (except dns i think)
12:13 sri socks5 can handle dns for you
12:14 mr-foobar joined #mojo
12:17 batman yeah, but i need to configure some system wide stuff that i haven't looked into
12:27 batman https://github.com/jhthorsen/test-mojo-browser <--- this is what i suggested earlier.
12:27 batman it actually works as well :)
12:28 batman marcus: got any ideas? ^^ i was thinking about how i could test convos, and since i don't know client side testing, i thougt i could do it with perl :)
12:29 nicomen batman: if you are not also including a javascript engine, there is WWW::Mechanize, and modules to use it with Test::Mojo
12:29 batman i'm not going near mechanize
12:30 nicomen ah you are using a browser
12:30 nicomen that's neat ;)
12:30 batman it gives me heart attack
12:30 nicomen heh
12:30 nicomen I like it for form submission, and a couple of other things
12:30 neilhwatson joined #mojo
12:30 nicomen (that Test::Mojo lacks)
12:30 batman yeah, the module is supposed to test javascript and other browser related things
12:31 nicomen but yes, like many other perl modules, it feels complicated
12:31 nicomen batman: that's great btw.
12:31 batman it's not just complicated, it's almost impossible to install.
12:31 nicomen WWW::Mechanize impossible to install?
12:31 denis_boyun joined #mojo
12:31 marcus I guess implementing form submit in Test::Mojo would be rather easy now that Mojo::Dom has a val method?
12:32 batman marcus: not really. probably the same reason why val() didn't get $dom->at('form')->val;
12:36 batman sri: is the name (Test::Mojo::Browser) ok? or do i pollute any namespace with it?
12:36 batman and yes, i will clean up use of internal methods :)
12:40 judofyr batman: there's also WebDriver which allows you to control a web browser without opening a WebSocket
12:41 batman judofyr: is it a selenium thing?
12:41 judofyr yes
12:42 judofyr we've been using it in Ruby for testing heavy JavaScript pages
12:42 batman gui tool..?
12:42 judofyr nope
12:43 nicomen batman: I like it, I miss some ways to tell Browser::Open which browser to use though. The default browser might vary on systems, and you might want to go thru a set of browsers specifically
12:43 batman nicomen: BROWSER=mozilla
12:44 nicomen aha!
12:44 judofyr batman: http://i.imgur.com/48OaSDp.png
12:44 judofyr all code
12:45 judofyr fill_in, click_button, check all makes stuff happen in Firefox
12:45 nicomen to me selenium has too many/high thresholds, this seems to work out of the box
12:46 judofyr batman: this is Capybara btw, so the backend is configurable. if I don't depend on JavaScript and can use a pure-Ruby backend which just requests directly and inspects the result
12:47 batman nicomen: *hopefully* there might be some javascript that -you- load that prevent the injected javascript from working.
12:47 nicomen batman: as long as you scope it correctly it should work on top of anything
12:47 judofyr batman: there's also certain issues with dispatching events from a WebSocket event. e.g. popups are not allowed.
12:47 nicomen ah
12:48 batman judofyr: maybe i need to look into webdriver before "wasting" too much time on my module then :)
12:48 judofyr batman: as long as you support multiple backends I don't think it's wasting too much time :)
12:49 batman nicomen: there are issues (not yet implemented) but you could do $t->clicked_ok() which would fire once the button is actually clicked, but that would require the event to actually bubble.
12:49 judofyr batman: e.g. some Firefox updates have changed the protocol.
12:49 batman so if you do return false; inside a jquery event handler, then the test will not work. (not yet implemented though)
12:50 batman judofyr: "support multiple backends" ..? in Test::Mojo::Browser ?
12:50 judofyr batman: not sure how much code would be sharable across backends
12:51 batman judofyr: "support multiple backends" ..? in Test::Mojo::Browser you mean?
12:51 judofyr batman: yes. as in, Test::Mojo::Browser could both support talking through WebSocket, WebDriver, or using Test::Mojo+Mojo::DOM
12:52 batman i guess it could support WebDriver. no idea how though...
12:52 batman not sure why it would support Test::Mojo as backend... couldn't you just use Test::Mojo instead then..?
12:53 nicomen http://search.cpan.org/~aivaturi/Selenium-Remote-Driver-0.15/ ?
12:53 batman also, Test::Mojo is for static webpages. Test::Mojo::Browser is not.
12:53 judofyr batman: well, it would provide stuff like ->click_link() and ->click_radio()
12:53 nicomen I think he means as a non-js fallback version?
12:53 judofyr yes
12:53 nicomen (implementing things that WWW::Mechanize has)
12:53 judofyr correct
12:53 nicomen \o
12:53 judofyr or maybe integrating with WWW::Mechanize
12:53 judofyr dunno
12:54 batman i'm NOT going to even consider doing anything with WWW::Mechanize.
12:54 judofyr but it's a very nice way to write high-level integration tests. and it's very nice being able to use the same API for stuff that requires JS and stuff that doesn't
12:54 judofyr (the advantage of avoiding a browser => faster tests)
12:54 edestler joined #mojo
12:55 batman judofyr: but why wouldn't you just use Test::Mojo for that?
12:55 judofyr batman: does Test::Mojo keep track of selected checkboxes, filled in fields and such? it's been a while since I've used it
12:55 batman judofyr: oh. right. so i would have to emulate a browser inside the test script?
12:56 batman not going to do that. die ETOOMUCHWORK;
12:56 judofyr yes. or, form handling at least.
12:56 batman but i would take pull requests ;)
12:56 judofyr that's fine, but you should probably have it in mind when you're designing the API
12:56 judofyr because there's some cases where it's awesome having a high-level test API, but you don't want to run everything through a browser
12:57 judofyr batman: but yeah, please focus on your case!
12:57 judofyr and to be honest, I don't know enough about the details behind WebDriver/Selenium :/
12:58 judofyr batman: another advantage of WebDriver though: you can test pages you don't control. e.g. I've written tests that go through PayPal's sandbox.
12:59 batman yes, that is indeed an advantage.
12:59 batman that's why i provide dummy sandbox pages for my paypal mojo plugin :)
13:02 judofyr but yeah, I really missed a high-level browser testing API when I did Mojo work
13:02 judofyr Test::Mojo is already great for controller tests
13:03 judofyr but the integration test situation isn't good :/
13:03 ryozi joined #mojo
13:04 judofyr (now insert "cost" and "value" for each of the tests and figure out if it's worth it :)
13:04 batman :)
13:04 batman thanks for feedback
13:06 judofyr no matter what solution you go for: ++++ from me!
13:07 judofyr anyway, it's been a while since I've been playing with Mojo
13:07 judofyr any cool new features, or is it all stable now?
13:08 mire joined #mojo
13:08 batman always new features ;)
13:08 nicomen both ;)
13:08 zivester joined #mojo
13:09 batman Mojo::DOM->val is the newest i guess. and coming up: socks5 support
13:10 batman better performance for reactor::pol and various methods.
13:10 batman *poll
13:11 batman https://metacpan.org/changes/distribution/Mojolicious # not sure how long ago you'r referring to
13:11 nicomen judofyr: did you forget to attend mojoconf?
13:11 batman :)
13:11 judofyr nicomen: yup!
13:12 batman judofyr: have you looked at phantomjs?
13:12 judofyr batman: a bit. not sure why we're not using it now.
13:13 judofyr batman: that's also a good thing with switchable backends: Capybara supports it through a plugin: https://github.com/teampoltergeist/poltergeist :-)
13:14 batman :)
13:14 sri judofyr: when was the last time you looked?
13:15 judofyr sri: before 4.0 I think
13:15 sri for new features since 4.0 you can take a look at my mojoconf slides https://speakerdeck.com/kraih/five-point-oh
13:15 judofyr that's ancient in Mojo's time scale I guess?
13:15 batman yes.
13:16 sri indeed
13:16 batman very much ancient :S
13:16 punter joined #mojo
13:16 sri 4.0 was 703 lines of changes ago
13:18 judofyr sri: hang on, are all JSON object types valid JSON documents now?
13:18 sri yes! \o/
13:18 sri *facepalm*
13:18 judofyr so String#to_json in Ruby finally makes sense! (other than being a monkey-patch)
13:19 judofyr hm… I wonder if this changes any of the code I've written…
13:20 Adura joined #mojo
13:35 batman 🙈
13:36 mire_ joined #mojo
13:48 neyasov_____ joined #mojo
13:52 batman nicomen: /j #oslo.pm ?
13:57 btyler joined #mojo
13:58 _eugen joined #mojo
14:05 rj11 I have a few actions based on a bridge. Can I somewhere wrap the execution of both the bridge and the action? So I can execute that code within a single DB transaction.
14:06 nicomen it doesn't sound right to mix bridges and actions, with db transactions?
14:06 btyler_ joined #mojo
14:12 rj11 Doesn't it? The bridge finds an object stored in the database and places it in the stash. The actions then either render the edit or view templates, and in the edit action modifies the object on POST.
14:14 btyler joined #mojo
14:18 nicomen aah
14:18 nicomen wouldn't you just run the transaction in the bridge then?
14:19 nicomen if POST alter things before retreieving them back for the stash?
14:24 rj11 I might be able to start the transaction in the bridge and commit it in the action. But that would be like asking for trouble.
14:25 sh4 joined #mojo
14:26 nicomen the transaction should both update and read back?
14:28 rj11 Yes, I'd prefer to do both the read and write of the object in the same transaction. Otherwise there wouldn't be much of a point to use transactions.
14:28 nicomen can't you have all of this in the bridge: start transaction; conditional update in the bridge if the method is POST and the values validate; read back the info, end transaction
14:28 rj11 Then I wouldn't be able to re-use the bridge for other actions that may use POST for other purposes.
14:29 nicomen use another bridge?
14:29 nicomen chain it?
14:31 rj11 https://gist.github.com/anonymous/0061c88901e2e66a3dfe
14:32 rj11 That's a small, simplified, snippet of my controller and a small example at the end of how I'd like to run my transaction.
14:32 nicomen if you rally want to use around dispatch, you can check what kind of request it is, paths, method et al and only run when matching
14:38 nicomen you can also use a bridge: my $route_with_book = $routes->bridge('/admin/books')->to(cb => sub { start_trans; update_booksr if POST; get_book; end_trans; add_book_to_stash; }; $route_with_book->get('/edit')->...
14:39 rj11 In that case I might just as well ditch the bridge completely and place the lookup code in both view and edit.
14:40 nicomen but I don't get what you want to do, you can check paths in the hook if you want to?
14:40 nicomen or methods
14:41 rj11 Then I would have to update those paths everything the routes changes.
14:42 abhishekisnot joined #mojo
14:42 rj11 every time*
14:42 sujithm joined #mojo
14:44 rj11 I want one function (bridge) to load an object from the database and stores it in the stash. I want one function for each of the actions the visitor can perform on that object, such as editing it, viewing it, deleting it, and so on. I want all of this to run in a single database transaction, to avoid and race conditions that could occur, for example in between the SELECT and the UPDATE.
14:45 judofyr rj11: why not move it into a method in the controller? or a helper?
14:45 rj11 That bridge could then in the future be improved, to make sure the current user has access rights to the requested object, and so on.
14:46 judofyr rj11: the helper method could as well :)
14:46 rj11 That's of course a solution if nothing else is possible, but it is not as clean. :)
14:46 judofyr I see your point though. bridges are cool. but I've found they're not expressive enough to do complex stuff.
14:48 rj11 With a bridge I can change the lookup code without ever touching the code in the actions.
14:49 sujithm joined #mojo
14:50 rj11 judofyr: I'd like to have my $foo = $r->bridge(...); $foo->around(sub { ...  });
14:51 judofyr rj11: my conclusion after playing with bridges: unless the computation is going to *directly* change how you route the rest of the request, it's probably not worth adding it to a bridge.
14:51 judofyr rj11: maybe you'll have more luck figuring out a way to make it work for you :)
14:51 rj11 Perhaps there is! I just found $c->continue.
14:58 btyler_ joined #mojo
14:59 sujithm joined #mojo
15:03 btyler joined #mojo
15:04 nicomen rj11: I just showed you have you could accomplish the ->around thing, just inside out?
15:08 rj11 nicomen: That hardcodes the update logic in the bridge and in that case I can just place it all in the action, unfortunately. And I have to SELECT the book before I can update it.
15:09 good_news_everyon joined #mojo
15:09 good_news_everyon [mojo] kraih deleted simple_val at d602e07: http://git.io/AkeuHw
15:09 good_news_everyon left #mojo
15:09 good_news_everyon joined #mojo
15:09 good_news_everyon [mojo] kraih deleted val at a324e15: http://git.io/BkAoHQ
15:09 good_news_everyon left #mojo
15:09 good_news_everyon joined #mojo
15:09 good_news_everyon [mojo] kraih deleted fix_fork at cedeab3: http://git.io/zsR1pg
15:09 good_news_everyon left #mojo
15:09 good_news_everyon joined #mojo
15:09 good_news_everyon [mojo] kraih deleted render_steps at 6ad381a: http://git.io/88ZdaQ
15:09 good_news_everyon left #mojo
15:10 good_news_everyon joined #mojo
15:10 good_news_everyon [mojo] kraih deleted recursion at 28458bb: http://git.io/CZwh5Q
15:10 good_news_everyon left #mojo
15:10 btyler_ joined #mojo
15:16 sujithm joined #mojo
15:20 btyler joined #mojo
15:22 sujithm joined #mojo
15:24 risugg joined #mojo
15:27 sujithm joined #mojo
15:28 rj11 https://gist.github.com/anonymous/071ec9c6ef72704d35f2
15:28 rj11 That does exactly what I want. I'm not sure how safe line 4 is though.
15:31 rj11 Mark 1 would start the transaction, mark 4 would commit it or rollback on error and mark 2 and mark 3 will both be executed within the transaction.
15:34 nicomen you could perhaps use around_action?
15:35 rj11 nicomen: I tried that, unfortunately it runs around every bridge/action.
15:36 nicomen but you need to decide _somewhere_ which routes should use a transaction?
15:37 rj11 See my latest gist, everything based on $wrapped will be executed within the same transaction.
15:38 nicomen you could pass a stash variable to the action that indicates what you want to do, and check it in around_action
15:39 rj11 around_action is called once for each action and bridge, that will not work.
15:39 nicomen I use around_Action to populate stuff here
15:39 nicomen butI cheat:         return $next->() if $self->stash('_around_action_run');
15:45 rj11 nicomen: Cheating is asking for trouble. :)
15:46 judofyr rj11: and $c->match->current($c->match->current + 1) is not? :)
15:48 basiliscos joined #mojo
15:48 rj11 judofyr: It definitely is, especially since $c->match->current will be reset to what ever value it would have had without that increment, the moment my callback returns. (Routes.pm line 45).  :) I'm working on a non-cheating solution.
15:48 judofyr :)
15:48 judofyr sri probably has the answer here
15:49 judofyr anyway, gotta go
15:49 judofyr good luck!
15:49 purl You'll need it.
16:00 jb360 joined #mojo
16:04 btyler_ joined #mojo
16:09 btyler joined #mojo
16:16 btyler_ joined #mojo
16:17 * sri wonders if all "security auditors" are jerks
16:19 sri not even sure what a "security auditor" is exactly... but every time i meet one they are so full of themselves
16:22 neilhwatson They are the high priest of the tower. Their rich voices chanting dogma and ingnorance.
16:23 btyler_ most of the security folks I've met at meetups have been nice, normal people. maybe something about building reputation by going after open source projects brings out the more abrasive language/personalities
16:24 Adura Being consistent when attacking the software and the dev.
16:24 denis_boyun joined #mojo
16:27 ua joined #mojo
16:28 davido_ It's the meritocracy quest, probably.
16:28 davido_ Developers release cool libraries to CPAN.
16:28 davido_ Security folks find faults and point the finger shouting.
16:31 neilhwatson I deal with them as a sysadmin.  The good ones are helpful and informative, the bad ones are too secretive, thinking this a good thing, or wrong.
16:32 btyler joined #mojo
16:33 gatitskiy joined #mojo
16:33 marty_ joined #mojo
16:36 gatitskiy joined #mojo
16:37 btyler_ joined #mojo
16:39 risugg I'm trying to send data via post using post_ok, but I'm not doing something right. I've created a gist showing the lite app and the test case if someone could help me out: https://gist.github.com/e43807ea7d2b5b5db5e2.git
16:40 basiliscos joined #mojo
16:40 risugg sorry - wrong link about sending post data -- here's the link to the gist: https://gist.github.com/richardsugg/e43807ea7d2b5b5db5e2
16:46 neilhwatson I'm not great at mojo, but the app file declares the url /post_route while the test case calls the url /post_route.json.
16:46 risugg ah - yeah - same result, though.
16:47 risugg just repeated the test case w/o .json to be sure, and same result.
16:48 sri where did you read that $c->param() parses JSON?
16:52 risugg in the perldoc for Mojolicious/Controller#param, it says that that the body is loaded into memory to parse POST parameters -- I understood that to mean that param would return body info
16:53 risugg So do I need to parse the body myself?
16:53 btyler joined #mojo
16:53 sri "body info"?
16:53 risugg json in the body
16:53 sri how would that work if you JSON body was... say "[1,2,3]" or "null"?
16:54 risugg perhaps a better question is to ask, "When expecting json in the body, am I expected to call $controller->req->body and parse?"
16:54 sri or even "true"
16:54 risugg sounds like 'Yes"
16:54 risugg i see what you mean
16:54 sri if it looks like i'm trying to avoid giving you the answers it is because i am :)
16:55 * sri is trying to understand where you went wrong and if the docs need to be improved
16:55 risugg (reworking test case...)
16:59 risugg awesome - got it - updated the gist: https://gist.github.com/richardsugg/e43807ea7d2b5b5db5e2
16:59 risugg I think once you asked the question about the JSON being an array or simply null, it was pretty obvious that you can't simply assume the JSON structure, but I was being ... naive :)
17:00 d4rkie joined #mojo
17:00 D4RK-PH0ENiX joined #mojo
17:01 basiliscos joined #mojo
17:02 gatitskiy joined #mojo
17:07 btyler_ joined #mojo
17:08 * tempire likes the current one-liner
17:08 gatitskiy joined #mojo
17:09 good_news_everyon joined #mojo
17:09 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/mWkT2Q
17:09 good_news_everyon mojo/master 30b2723 Sebastian Riedel: be more specific about POST parameters
17:09 good_news_everyon left #mojo
17:09 sri risugg: maybe that will help in the future
17:12 risugg @sri - mojolicious rocks - thanks!
17:12 btyler joined #mojo
17:14 good_news_everyon joined #mojo
17:14 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/dou2Tw
17:14 good_news_everyon mojo/master 975eb27 Sebastian Riedel: mention query string as well
17:14 good_news_everyon left #mojo
17:14 gatitskiy joined #mojo
17:14 sri \o/
17:15 sri maybe i should mention that every now and then... i'm not avoiding answers to be a jerk... i'm fishing for clues as to where the docs went wrong ;)
17:18 btyler_ joined #mojo
17:21 stokachu joined #mojo
17:23 Kundun joined #mojo
17:25 gear joined #mojo
17:25 gear hello
17:25 sri o/
17:25 kbenson1 joined #mojo
17:26 gear help me please to solve one issue
17:26 gear i'm writing my site using mojolicious
17:27 gear on server it runs on apache2 via PSGI interface
17:27 gear here is the server log http://pastebin.com/x0pHbCyn
17:28 gear on my development machine i'm using morbo to test the code
17:28 gear all works like a charm
17:29 gear but controllers randomly disapears on server
17:29 gear and i get lines like this in logs
17:29 gear Controller "WhatWhatWeb::Sections" does not exist.
17:29 gear but a minute ago all worked fine
17:30 gear what could cause this behaviour
17:30 gear &
17:30 gear ?
17:30 tempire I don't think there's many apache users in here
17:31 tempire or PSGI users, for that matter
17:31 stephan48 apache? *burns his servers* no i don't use apache anymore
17:31 gear what are you using on production&
17:31 gear ?
17:32 tempire hypnotoad
17:32 purl ALL GLORY TO THE HYPNOTOAD!!! or nice running on a raspberry pi. Whenever I'll think about something useful to do with Akron's raspberry, I guess it will be a mojo service ...
17:32 neilhwatson ++
17:32 gear =(
17:33 gear all my subdomains running on apache+php
17:33 throughnothing joined #mojo
17:33 gear i can't get rid of apache
17:33 tempire use it as a reverse proxy to hypnotoad
17:34 gear hm...
17:35 dod joined #mojo
17:41 stokachu joined #mojo
17:47 lipizzan joined #mojo
17:52 Kundun joined #mojo
18:03 btyler joined #mojo
18:10 go|dfish joined #mojo
18:28 KindOne joined #mojo
18:34 circ-user-iK6MK joined #mojo
18:38 denis_boyun_ joined #mojo
18:40 KindOne joined #mojo
18:42 batman gear: https://metacpan.org/pod/distribution/Mojolicious/lib/Mojolicious/Guides/Cookbook.pod and https://metacpan.org/pod/distribution/Mojolicious/lib/Mojolicious/Guides/Cookbook.pod#Apache-mod_proxy
18:43 basiliscos joined #mojo
18:44 Kundun joined #mojo
18:47 alnewkirk joined #mojo
18:54 btyler_ joined #mojo
18:59 berov joined #mojo
19:04 circ-user-6f47E joined #mojo
19:04 KindOne joined #mojo
19:06 davido__ joined #mojo
19:13 btyler joined #mojo
19:14 KindOne joined #mojo
19:28 vervain joined #mojo
19:34 mire_ joined #mojo
19:42 KindOne joined #mojo
19:43 woz joined #mojo
19:53 btyler_ joined #mojo
20:02 dod joined #mojo
20:09 vervain joined #mojo
20:11 Adura joined #mojo
20:11 btyler joined #mojo
20:13 * sri is waiting for the new IO::Socket::Socks :O
20:17 btyler_ joined #mojo
20:20 good_news_everyon joined #mojo
20:20 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/6v5pKQ
20:20 good_news_everyon mojo/master 9996f80 Sebastian Riedel: try testing IPv6 and TLS too
20:20 good_news_everyon left #mojo
20:24 riche left #mojo
20:30 btyler joined #mojo
20:31 neilhwatson joined #mojo
20:41 vervain joined #mojo
20:45 woz joined #mojo
20:48 woz_ joined #mojo
20:49 neyasov______ joined #mojo
20:53 neyasov_______ joined #mojo
20:57 neyasov________ joined #mojo
21:06 btyler_ joined #mojo
21:07 neyasov_________ joined #mojo
21:11 btyler joined #mojo
21:11 gear left #mojo
21:16 neyasov__________ joined #mojo
21:16 vervain joined #mojo
21:18 zackiv31 joined #mojo
21:19 circ-user-ODbjE joined #mojo
21:22 KCL joined #mojo
21:28 btyler_ joined #mojo
21:36 btyler joined #mojo
21:56 vervain joined #mojo
21:58 neyasov___________ joined #mojo
22:00 btyler_ joined #mojo
22:02 neyasov____________ joined #mojo
22:05 marty joined #mojo
22:10 neyasov____________ joined #mojo
22:16 neyasov____________ joined #mojo
22:19 sugar joined #mojo
22:21 neyasov____________ joined #mojo
22:23 Averna joined #mojo
22:37 neyasov____________ joined #mojo
22:39 good_news_everyon joined #mojo
22:39 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/0zhgtA
22:39 good_news_everyon mojo/socks 1cad9c9 Sebastian Riedel: the request does not need to know about SOCKS
22:39 good_news_everyon left #mojo
22:43 neyasov____________ joined #mojo
22:49 good_news_everyon joined #mojo
22:49 good_news_everyon [mojo] kraih pushed 1 new commit to socks: http://git.io/_qs7pQ
22:49 good_news_everyon mojo/socks 67a80bf Sebastian Riedel: make sure credentials do not leak
22:49 good_news_everyon left #mojo
22:55 neyasov____________ joined #mojo
23:02 vervain joined #mojo
23:02 neyasov____________ joined #mojo
23:12 d4rkie joined #mojo
23:15 neyasov____________ joined #mojo
23:17 ashleydev joined #mojo
23:23 neyasov____________ joined #mojo
23:25 neyasov____________ joined #mojo
23:30 neyasov____________ joined #mojo
23:32 ashleydev joined #mojo
23:32 neyasov____________ joined #mojo
23:37 neyasov____________ joined #mojo
23:43 neyasov____________ joined #mojo
23:48 neyasov____________ joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary