Exactly - I'm worried that in a couple of years time, someone will delete that download, or upgrade the REST interface, not realising that the installer is (ab)using it for something else...
On 9 July 2016 at 08:43, Denis Golovin <[email protected]> wrote: > There is no issue opened for this. Do you mean rest service should support > requests to check T&C's using product-id instead of specific file. > Something similar to > https://developers.redhat.com/download-manager/rest/tc-accepted?productId=cdk > > ----- Original Message ----- >> From: "Pete Muir" <[email protected]> >> To: "Denis Golovin" <[email protected]> >> Cc: "Pavol Pitonak" <[email protected]>, [email protected], "Rick >> Wagner" <[email protected]> >> Sent: Friday, July 8, 2016 7:52:30 AM >> Subject: Re: [Devtools] Fix an installer problem with a server-side change? >> >> Do we have an issue to replace this with a proper T&C check that >> doesn't involve the name of a file that might get changed without >> someone understanding the installer depends on it? >> >> On 8 July 2016 at 00:27, Denis Golovin <[email protected]> wrote: >> > That is correct answer. This url is only to verify T&C's are signed. >> > >> > ----- Original Message ----- >> >> From: "Pavol Pitonak" <[email protected]> >> >> To: "Pete Muir" <[email protected]> >> >> Cc: [email protected], "Rick Wagner" <[email protected]> >> >> Sent: Thursday, July 7, 2016 4:50:19 AM >> >> Subject: Re: [Devtools] Fix an installer problem with a server-side >> >> change? >> >> >> >> It's not installing CDK 2.0.0-beta3 but the one specified in [1]. The >> >> mentioned URL is only used for finding out whether the user provided >> >> correct >> >> username/password and whether he had agreed with T&C. >> >> >> >> [1] >> >> https://github.com/redhat-developer-tooling/developer-platform-install/blob/master/requirements.json#L7 >> >> >> >> On Thu, Jul 7, 2016 at 1:40 PM, Pete Muir < [email protected] > wrote: >> >> >> >> >> >> On 6 July 2016 at 20:02, Rick Wagner < [email protected] > wrote: >> >> > Hello DevTools, >> >> > >> >> > It seems we have a problem with the current version of the Development >> >> > Suite >> >> > installer. We have at least 2 new customer cases reporting inability to >> >> > install due to the message dialogue "Terms and Conditions for the CDK >> >> > have >> >> > not been signed". >> >> > >> >> > This is concerning because we're also seeing similar activity on >> >> > non-support >> >> > channels. It's also worth noting that not every user that has a problem >> >> > reports it-- some just give up and move on. There is enough volume here >> >> > that we probably should treat this with some urgency. >> >> > >> >> > It seems likely the relevant code (thanks for highlighting this, Alexey) >> >> > is >> >> > below: >> >> > >> >> > ------------------------------------------------- >> >> > >> >> > login() { >> >> > this.authFailed = false; >> >> > this.tandcNotSigned = false; >> >> > >> >> > let req = { >> >> > method: 'GET', >> >> > url: >> >> > ' >> >> > https://developers.redhat.com/download-manager/rest/tc-accepted?downloadURL=/file/cdk-2.0.0-beta3.zip >> >> > ', >> >> > <<<<<<<<<---- returns 'false' when not approved >> >> >> >> I noticed when reading this that this code appears to be downloading >> >> CDK 2.0.0-beta3 which implies that either this is an old version of >> >> the installer, or the installer is installing a very old CDK... >> >> >> >> > headers: { >> >> > 'Authorization': 'Basic ' + this.base64.encode(this.username + ':' + >> >> > this.password) >> >> > } >> >> > }; >> >> > >> >> > this.http(req) >> >> > .then(this.handleHttpSuccess.bind(this)) >> >> > .catch(this.handleHttpFailure.bind(this)); >> >> > } >> >> > >> >> > --------------------------------- >> >> > >> >> > >> >> > So we have users getting denied use of our product. Do we require a >> >> > rebuild >> >> > immediately? Maybe. >> >> > >> >> > How about if we changed the rest service >> >> > ( https://developers.redhat.com/download-manager/rest/tc-accepted ) so >> >> > it >> >> > includes a peak at an override database as well as whatever it's >> >> > currently >> >> > doing now? >> >> > >> >> > In that way, we could have the users pop over to a 'yes, I agree to the >> >> > terms' page to insert an entry into the database. The rest service could >> >> > use something like the provided username as a key to ensure a 'true' is >> >> > returned. >> >> > >> >> > >> >> > Or not. Is there a better way to fix this? >> >> > >> >> > Please consider, we need to fix this sooner rather than later.... >> >> > >> >> > Thanks, >> >> > >> >> > Rick >> >> > >> >> > >> >> > _______________________________________________ >> >> > Devtools mailing list >> >> > [email protected] >> >> > https://www.redhat.com/mailman/listinfo/devtools >> >> > >> >> >> >> _______________________________________________ >> >> Devtools mailing list >> >> [email protected] >> >> https://www.redhat.com/mailman/listinfo/devtools >> >> >> >> >> >> _______________________________________________ >> >> Devtools mailing list >> >> [email protected] >> >> https://www.redhat.com/mailman/listinfo/devtools >> >> >> _______________________________________________ Devtools mailing list [email protected] https://www.redhat.com/mailman/listinfo/devtools
