SDSM:Pending Changes
This document consists of multiple parts; for a directory to all of the
parts, see SDSM:Index.
Description
This part of the SDS Modernization (SDSM) document enumerates a not necessarily exhaustive list of pending changes or improvements that were made to SDS, made by Darren Duncan if by whom is not otherwise specified.
It is similar to the Historical Changes part but that it describes work which was prepared and published in a Git branch but it was deemed premature to merge it to the trunk, such as due to a desire for more testing first, or because it was possibly unfinished; in contrast, Historical is for work that was merged to trunk.
SDS Laravel: Fixes to Broken Behavior
2024 May 20: Timeout Feature Broken In Sub-Directory Hosted Apps
SDS Laravel has a security feature such that if a user is inactive for a period of time, 15 minutes typically, they will be automatically logged out of the app. The app displays a countdown timer on the top right hand corner of the screen that ticks for every second of activity. Javascript code running in the client web browser will normally reset the countdown to the full amount whenever a user interface (UI) event occurs that it considers continued user activity, such as mouse movement over the screen.
This feature is implemented partly by the web client invoking the
/session
endpoint on the server.
That invocation fails on any SDS Laravel app instance that is hosted at
a web address which is a sub-directory of the base url (meaning it is based
at an address like https://foo.com/bar
rather than at an
address like just https://foo.com
). This is because the web
client is trying to unconditionally treat every app instance as if it is
hosted directly at the base url with respect to its attempts to invoke the
/session
endpoint, and so it is invoking the wrong web address
for instances that are at sub-directory urls.
As a result, for broken app instances, while the first UI activity indicating continued user activity will reset the countdown timer displayed on screen to the user, all subsequent UI activity will have no effect on the timer, and it will not reset, and the server will not be aware of this activity. Only a full page load like clicking a link to a new page will register as activity and reset the timer.
This breakage affects all SDS Laravel instances at https://sdsdev.smus.ca which are in sub-directories.
The primary change of this task fixes the problem by making the web client
respect the actual location of the app when invoking /session
.
Mainly it is a 1-line change in the Laravel Blade template file
resources/views/layouts/main.blade.php
to use
url: '{{route('session')}}'
rather than
url: '/session'
.
An additional change of this task is to fix a problem where the
app's background image doesn't display for the same underlying reason. The
problem is that the web client is trying to load the image
public/images/body.png
from the wrong location. The fix
updates 1 line in the CSS file public/css/smus_custom.css
to
background: url('../images/body.png')
from
background: url('/images/body.png')
; the newly-relative url is
relative to the location of the CSS file itself.
There is still additional broken behavior related to static asset loading
like the background image example, affecting custom fonts for example, but
these references are in the generated file public/css/app.css
as parts of third-party dependencies, and so these were left alone.
SDS Laravel: Changes to Third-Party Dependencies
2024 May 21: Upgrade Laravel from 8.x to 10.x
This task updated composer.json
to require the latest
PHP-8.1-compatible major version of the PHP library dependency Laravel,
thus taking it from 8.x
to 10.x
.
To be more specific, it made these dependency changes:
- barryvdh/laravel-debugbar (^3.7 to ^3.13.5)
- directorytree/ldaprecord-laravel (^2.7.3 unchanged but upgrade exists)
- etern8ty/beanstream (dev-master unchanged but upgrade exists)
- fakerphp/faker (^1.23.1 unchanged)
- fideloper/proxy (^4.4.2 removed as Laravel has its upgrade built-in)
- goldspecdigital/laravel-eloquent-uuid (^8.0.1 removed as Laravel has its upgrade built-in)
- guzzlehttp/guzzle (^7.8.1 unchanged)
- intervention/image (^2.7.2 unchanged but upgrade exists)
- juliomotol/laravel-auth-timeout (^3.1.1 to ^4.1)
- lab404/laravel-impersonate (^1.7.5)
- laravel/framework (^8.83.27 to ^10.48.11)
- laravel/helpers (^1.7 unchanged but possibly no longer needed)
- laravel/tinker (^2.9 unchanged)
- laravel/ui (^3.4.6 to 4.5.2)
- mockery/mockery (^1.6.12 unchanged)
- nunomaduro/collision (^5.11 to ^7.10)
- phpunit/phpunit (^10.5.20 unchanged)
- spatie/laravel-ignition (^1.6.4 to ^2.7)
- staudenmeir/eloquent-has-many-deep (^1.14.4 to ^1.19.3)
This task also updated these 5 PHP source files to be compatible with the
replacement of goldspecdigital/laravel-eloquent-uuid
with a
Laravel built-in:
- app/Models/Application/Application.php
- app/Models/User.php
- app/Models/User/Student.php
- app/Models/User/Teacher.php
- app/Models/User/UserContract.php
These further 3 files also referenced the trait but commented out, so not current users but possible past or future users:
- app/Models/Application/AppUser.php
- app/Models/User/Address.php
- app/Models/User/Guardian.php
For each of the above 8 files, there were these 2 line subsitutions:
use GoldSpecDigital\LaravelEloquentUUID\Database\Eloquent\Uuid; use Uuid;
use Illuminate\Database\Eloquent\Concerns\HasUuids; use HasUuids;
Here is a description of the above built-in feature in Laravel 9.3+:
https://laravel.com/docs/11.x/eloquent#uuid-and-ulid-keys
The purpose of that reimplemented functionality was to empower use of generated UUIDs for primary key fields of some database tables instead of the serially generated integers that SDS Laravel more typically uses; Laravel Eloquent only gained built-in support for UUIDs with version 9.3.
This task also deleted the single PHP file
app/Models/Traits/Uuids.php
as it appeared to be unused.
This task also updated app/Http/Middleware/TrustProxies.php
to
be compatible with the replacement of fideloper/proxy
with a
Laravel built-in. The changes were in 2 spots.
First was this substitution:
use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Middleware\TrustProxies as Middleware;
Second was this substitution:
protected $headers = Request::HEADER_X_FORWARDED_ALL;
protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
This task also updated
app/Http/Middleware/AuthTimeoutMiddleware.php
to be
compatible with the juliomotol/laravel-auth-timeout
upgrade.
There was this 1 substitution:
use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;
use JulioMotol\AuthTimeout\Middlewares\CheckAuthTimeout as BaseMiddleware;
Note that juliomotol/laravel-auth-timeout
must be upgraded
simultaneously with Laravel since the former's versions 3.1.1 and 4.1
respectively require Laravel 8 and 10 respectively.
This task also updated 51 PHP source files to be compatible with a breaking change made by Laravel itself with version 10.
Laravel supported a "dates" model attribute through version 9, and then Laravel 10 removed it. The function of this was to enumerate database/model fields that were supposed to be automatically converted to Carbon DateTime objects; so under Laravel 8, any "dates" declarations would be respected, while under Laravel 10 they would be ignored.
Compare:
- https://laravel.com/api/9.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html
- https://laravel.com/api/10.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html
As a result, simply upgrading SDS Laravel from Laravel 8 to 10 resulted
in many parts of the app breaking in various ways including when simply
visiting the post-login home screen, as PHP died with errors like
Call to a member function format() on int
.
To fix this, any instances of protected $dates = ['x',...]
in model classes were replaced with
protected $casts = ['x'=>'datetime',...]
which was the more modern way to get the same functionality, which exists
in both Laravel 8 and 10. For the few model classes that already had other
$casts
declarations, the replacements were merged with those.
While the "dates" change could have been its own task that was merged to trunk prior to and separately from the current Laravel 10 upgrade task, it was combined with the latter to streamline testing, as both had potential impacts over a large fraction of the app.
This task also explored upgrades to some other PHP library dependencies but they were excluded due to requiring more substantial code changes for compatibility, and will be returned to later.