SDSM:Pending Changes: Difference between revisions

From SMUSwiki
(Small Laravel 10 item changes.)
(Move item about timeout fix on sub-dir sites from Pending to Historical.)


[[#top|RETURN]]
== SDS Laravel: Fixes to Broken Behavior ==
=== 2024 May 20: Timeout Feature Broken In Sub-Directory Hosted Apps ===
''SDS Laravel'' has a security feature such that if a user is inactive for
a period of time, 15 minutes typically, they will be automatically logged
out of the app. The app displays a countdown timer on the top right hand
corner of the screen that ticks for every second of activity. JavaScript
code running in the client web browser will normally reset the countdown to
the full amount whenever a user interface (UI) event occurs that it
considers continued user activity, such as mouse movement over the screen.
This feature is implemented partly by the web client invoking the
<code>/session</code> endpoint on the server.

That invocation fails on any ''SDS Laravel'' app instance that is hosted at
a web address which is a sub-directory of the base url (meaning it is based
at an address like <code>https://foo.com/bar</code> rather than at an
address like just <code>https://foo.com</code>). This is because the web
client is trying to unconditionally treat every app instance as if it is
hosted directly at the base url with respect to its attempts to invoke the
<code>/session</code> endpoint, and so it is invoking the wrong web address
for instances that are at sub-directory urls.

As a result, for broken app instances, while the first UI activity
indicating continued user activity will reset the countdown timer displayed
on screen to the user, all subsequent UI activity will have no effect on
the timer, and it will not reset, and the server will not be aware of this
activity. Only a full page load like clicking a link to a new page will
register as activity and reset the timer.

This breakage affects all ''SDS Laravel'' instances at
https://sdsdev.smus.ca which are in sub-directories.

The primary change of this task fixes the problem by making the web client
respect the actual location of the app when invoking <code>/session</code>.
Mainly it is a 1-line change in the Laravel Blade template file
<code>resources/views/layouts/main.blade.php</code> to use
<code><nowiki>url: '{{route('session')}}'</nowiki></code> rather than
<code>url: '/session'</code>.

An additional change of this task is to fix a problem where the
app's background image doesn't display for the same underlying reason. The
problem is that the web client is trying to load the image
<code>public/images/body.png</code> from the wrong location. The fix
updates 1 line in the CSS file <code>public/css/smus_custom.css</code> to
<code>background: url('../images/body.png')</code> from
<code>background: url('/images/body.png')</code>; the newly-relative url is
relative to the location of the CSS file itself.

There is still additional broken behavior related to static asset loading
like the background image example, affecting custom fonts for example, but
these references are in the generated file <code>public/css/app.css</code>
as parts of third-party dependencies, and so these were left alone.
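
How the old and new references resolve in a browser, as an added example that is not code from SDS Laravel: it uses the standard <code>URL</code> API to resolve each reference and flags the ones that land outside the app's directory. The helper names, the page address <code>https://foo.com/bar/home</code>, and the absolute form shown for <code>route('session')</code> are assumptions made for illustration.

```javascript
// Added example, not SDS Laravel code: resolve references the way a browser
// does and flag those that land outside the directory the app is hosted in.
const APP_BASE = 'https://foo.com/bar/'; // sample sub-directory address from the text

// Resolve `ref` against the URL of the page or stylesheet that contains it.
function resolveFrom(ref, containingUrl) {
  return new URL(ref, containingUrl).href;
}

// True when the resolved URL is not under the app's base directory, which is
// what happens to root-relative paths such as '/session' on sub-directory hosts.
function escapesAppBase(ref, containingUrl, appBase = APP_BASE) {
  const target = new URL(ref, containingUrl);
  const base = new URL(appBase);
  return target.origin !== base.origin || !target.pathname.startsWith(base.pathname);
}

// One report row per {ref, from} pair.
function auditReferences(refs, appBase = APP_BASE) {
  return refs.map(({ ref, from }) => ({
    ref,
    resolved: resolveFrom(ref, from),
    broken: escapesAppBase(ref, from, appBase),
  }));
}

// Constructed sample input: a page of the app and its custom stylesheet.
const PAGE = APP_BASE + 'home';
const CSS = APP_BASE + 'css/smus_custom.css';
const SAMPLE_REFS = [
  { ref: '/session', from: PAGE }, // old AJAX url
  { ref: APP_BASE + 'session', from: PAGE }, // assumed output of route('session')
  { ref: '/images/body.png', from: CSS }, // old CSS url()
  { ref: '../images/body.png', from: CSS }, // fixed CSS url()
];

for (const row of auditReferences(SAMPLE_REFS)) {
  console.log(`${row.broken ? 'BROKEN' : 'ok'}\t${row.ref} -> ${row.resolved}`);
}
```

The same check can be pointed at the font references in <code>public/css/app.css</code> to list which of them still resolve outside the app's directory.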


== SDS Laravel: Changes to Third-Party Dependencies ==

Revision as of 09:10, 22 May 2024


This document consists of multiple parts; for a directory to all of the parts, see SDSM:Index.

Description

This part of the SDS Modernization (SDSM) document gives a not necessarily exhaustive list of pending changes or improvements that were made to SDS; unless otherwise specified, they were made by Darren Duncan.

It is similar to the Historical Changes part, except that it describes work which was prepared and published in a Git branch but which it was deemed premature to merge to the trunk, for example because more testing was wanted first or because the work was possibly unfinished; in contrast, Historical is for work that was merged to trunk.

RETURN

SDS Laravel: Changes to Third-Party Dependencies

2024 May 21: Upgrade Laravel from 8.x to 10.x

This task updated composer.json to require the latest PHP-8.1-compatible major version of the PHP library dependency Laravel, thus taking it from 8.x to 10.x.

To be more specific, it made these dependency changes:

  • barryvdh/laravel-debugbar (^3.7 to ^3.13.5)
  • directorytree/ldaprecord-laravel (^2.7.3 unchanged but upgrade exists)
  • etern8ty/beanstream (dev-master unchanged but upgrade exists)
  • fakerphp/faker (^1.23.1 unchanged)
  • fideloper/proxy (^4.4.2 removed as Laravel has its upgrade built-in)
  • goldspecdigital/laravel-eloquent-uuid (^8.0.1 removed as Laravel has its upgrade built-in)
  • guzzlehttp/guzzle (^7.8.1 unchanged)
  • intervention/image (^2.7.2 unchanged but upgrade exists)
  • juliomotol/laravel-auth-timeout (^3.1.1 to ^4.1)
  • lab404/laravel-impersonate (^1.7.5)
  • laravel/framework (^8.83.27 to ^10.48.11)
  • laravel/helpers (^1.7 unchanged but possibly no longer needed)
  • laravel/tinker (^2.9 unchanged)
  • laravel/ui (^3.4.6 to 4.5.2)
  • mockery/mockery (^1.6.12 unchanged)
  • nunomaduro/collision (^5.11 to ^7.10)
  • phpunit/phpunit (^10.5.20 unchanged)
  • spatie/laravel-ignition (^1.6.4 to ^2.7)
  • staudenmeir/eloquent-has-many-deep (^1.14.4 to ^1.19.3)

This task also updated these 5 PHP source files to be compatible with the replacement of goldspecdigital/laravel-eloquent-uuid with a Laravel built-in:

  • app/Models/Application/Application.php
  • app/Models/User.php
  • app/Models/User/Student.php
  • app/Models/User/Teacher.php
  • app/Models/User/UserContract.php

These further 3 files also referenced the trait, but only in commented-out code, so they are not current users but are possible past or future users:

  • app/Models/Application/AppUser.php
  • app/Models/User/Address.php
  • app/Models/User/Guardian.php

For each of the above 8 files, there were these 2 line substitutions:

   // Before (goldspecdigital/laravel-eloquent-uuid):
   use GoldSpecDigital\LaravelEloquentUUID\Database\Eloquent\Uuid;
   use Uuid;
   // After (Laravel built-in):
   use Illuminate\Database\Eloquent\Concerns\HasUuids;
   use HasUuids;

Here is a description of the above built-in feature in Laravel 9.3+:

https://laravel.com/docs/11.x/eloquent#uuid-and-ulid-keys

The purpose of that reimplemented functionality was to empower use of generated UUIDs for primary key fields of some database tables instead of the serially generated integers that SDS Laravel more typically uses; Laravel Eloquent only gained built-in support for UUIDs with version 9.3.

This task also deleted the single PHP file app/Models/Traits/Uuids.php as it appeared to be unused.

This task also updated app/Http/Middleware/TrustProxies.php to be compatible with the replacement of fideloper/proxy with a Laravel built-in. The changes were in 2 spots.

First was this substitution:

   // Before:
   use Fideloper\Proxy\TrustProxies as Middleware;
   // After:
   use Illuminate\Http\Middleware\TrustProxies as Middleware;

Second was this substitution:

   // Before:
   protected $headers = Request::HEADER_X_FORWARDED_ALL;
   // After:
   protected $headers =
       Request::HEADER_X_FORWARDED_FOR |
       Request::HEADER_X_FORWARDED_HOST |
       Request::HEADER_X_FORWARDED_PORT |
       Request::HEADER_X_FORWARDED_PROTO |
       Request::HEADER_X_FORWARDED_AWS_ELB;

This task also updated app/Http/Middleware/AuthTimeoutMiddleware.php to be compatible with the juliomotol/laravel-auth-timeout upgrade.

There was this 1 substitution:

   // Before:
   use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;
   // After:
   use JulioMotol\AuthTimeout\Middlewares\CheckAuthTimeout as BaseMiddleware;

Note that juliomotol/laravel-auth-timeout must be upgraded simultaneously with Laravel, since the former's versions 3.1.1 and 4.1 require Laravel 8 and 10 respectively.

See https://github.com/juliomotol/laravel-auth-timeout/blob/master/CHANGELOG.md for more change details and upgrade notes on that.

This task also updated 51 PHP source files to be compatible with a breaking change made by Laravel itself with version 10.

Laravel supported a "dates" model attribute through version 9, and then Laravel 10 removed it. The function of this was to enumerate database/model fields that were supposed to be automatically converted to Carbon DateTime objects; so under Laravel 8, any "dates" declarations would be respected, while under Laravel 10 they would be ignored.

Compare:

As a result, simply upgrading SDS Laravel from Laravel 8 to 10 resulted in many parts of the app breaking in various ways including when simply visiting the post-login home screen, as PHP died with errors like Call to a member function format() on int.

To fix this, any instances of protected $dates = ['x',...] in model classes were replaced with protected $casts = ['x'=>'datetime',...], which is the more modern way to get the same functionality and exists in both Laravel 8 and 10. For the few model classes that already had other $casts declarations, the replacements were merged with those.
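
The replacement described above, including the merge into an existing $casts array, written as a small source rewriter. This is an added example and not the tooling used for SDS Laravel; the function name datesToCasts and the sample model are constructed, and it assumes array literals without nested brackets.

```javascript
// Added example, not SDS Laravel code: migrate a model's `$dates` list into
// `$casts`, merging with an existing `$casts` array when one is present.
const DATES = /protected\s+\$dates\s*=\s*\[([^\]]*)\];/;
const DATES_LINE = /^[ \t]*protected\s+\$dates\s*=\s*\[[^\]]*\];[ \t]*\r?\n/m;
const CASTS = /(protected\s+\$casts\s*=\s*\[)([^\]]*)(\];)/;

// Quoted names captured by `re` inside a PHP array literal body.
const names = (body, re) => [...body.matchAll(re)].map((m) => m[1]);

function datesToCasts(src) {
  const dates = src.match(DATES);
  if (!dates) return src; // already migrated, or the model has no date fields
  const fields = names(dates[1], /['"]([^'"]+)['"]/g);
  const entry = (f) => `'${f}' => 'datetime'`;

  const casts = src.match(CASTS);
  if (!casts) {
    // No $casts yet: turn the $dates declaration itself into one.
    return src.replace(DATES, () => `protected $casts = [${fields.map(entry).join(', ')}];`);
  }
  // $casts exists: keep its explicit casts and append only the missing fields.
  const have = names(casts[2], /['"]([^'"]+)['"]\s*=>/g);
  const missing = fields.filter((f) => !have.includes(f)).map(entry);
  const indent = (casts[2].match(/\n([ \t]+)\S/) || [])[1]; // multi-line array?
  const sep = indent ? `,\n${indent}` : ', ';
  const tail = casts[2].match(/\s*$/)[0];
  const kept = casts[2].trimEnd().replace(/,$/, '');
  const body = [kept, ...missing].filter((s) => s.trim()).join(sep) + (indent ? ',' : '') + tail;
  return src
    .replace(CASTS, (_, open, __, close) => open + body + close)
    .replace(DATES_LINE, '');
}

// Constructed sample model that already has a $casts array.
const SAMPLE_MODEL = [
  'class Event extends Model',
  '{',
  "    protected $dates = ['starts_at', 'ends_at'];",
  '    protected $casts = [',
  "        'is_public' => 'boolean',",
  '    ];',
  '}',
  '',
].join('\n');

console.log(datesToCasts(SAMPLE_MODEL));
```

A field that already has an explicit cast is left as it was, so the merged result should be reviewed for fields whose existing cast is not a date type.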

While the "dates" change could have been its own task that was merged to trunk prior to and separately from the current Laravel 10 upgrade task, it was combined with the latter to streamline testing, as both had potential impacts over a large fraction of the app.

This task excluded upgrades to 3 PHP library dependencies for which major upgrades existed, and upgrading those is left to separate tasks following the Laravel 8 to 10 upgrade.

RETURN