Redis session store on heroku - session

I am attempting to use redis store as my session store on heroku. It works fine in development but I am unable to get a redis connection on heroku. It is attempting to connect to a 127.0.0.1 instead of the correct redis server.
Error:
ActionView::Template::Error (Error connecting to Redis on 127.0.0.1:6379 (ECONNREFUSED)):
I have set the heroku redis config to the correct server (not really using for the session store but it is set)
REDISTOGO_URL: redis://redistogo:#################################carp.redistogo.com:9274/
session_store.rb
GrnAuth::Application.config.session_store :redis_store, :server => APP_CONFIG['redis_server'], key: '_grn_session'
environment.rb
# Load the rails application
require File.expand_path('../application', __FILE__)
require 'yaml'
APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env]
# Initialize the rails application
GrnAuth::Application.initialize!
config.yml
development:
redis_server: redis://localhost:6379/
test:
redis_server: redis://localhost:6379/
production:
redis_server: redis://redistogo:#################################carp.redistogo.com:9274/
When I console in to heroku I can check APP_CONFIG['redis_server'] and it is set to the redis server.
I have also set up a redis connection just to use that works.
redis.rb
uri = URI.parse(ENV["REDISTOGO_URL"] || "redis://localhost:6379/" )
$redis = Redis.new(:host => uri.host, :port => uri.port, :password => uri.password)
When I console in to heroku I can do and get the following
irb(main):001:0> $redis
=> #<Redis client v3.0.1 for redis://carp.redistogo.com:9274/0>
Any help would be much appreciated. Thank you.

It looks like this:
GrnAuth::Application.config.session_store :redis_store, :server => APP_CONFIG['redis_server'], key: '_grn_session'
Should instead be this:
GrnAuth::Application.config.session_store :redis_store, :servers => APP_CONFIG['redis_server'], key: '_grn_session'

Related

Ruby Oauth2.0: client_secret_post not working with ory hydra

I am trying to get a Ruby Oauth2.0 client talking with the Ory Hydra docker-compose 5 minute demo. I am stuck on the client app's authentication code exchange for the token. LOG is below. Looks like the main problem is the following "hashedPassword is not the hash of the given password".
DEBUG LOG FROM HYDRA SERVER
time="2019-06-04T21:32:09Z" level=info msg="started handling request" method=POST remote="172.19.0.2:35482" request=/oauth2/token
hydra_1
time="2019-06-04T21:32:09Z" level=error msg="An error occurred" debug="crypto/bcrypt: hashedPassword is not the hash of the given password" description="Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)" error=invalid_client
hydra_1
time="2019-06-04T21:32:09Z" level=info msg="completed handling request" measure#hydra/public: http://127.0.0.1:4444/.latency=92931900 method=POST remote="172.19.0.2:35482" request=/oauth2/token status=401 text_status=Unauthorized took=92.9319ms
I've read up here and it would appear this 'is' possible.
Here is how I register my client 'test-app9' in hydra:
docker-compose -f quickstart.yml exec hydra hydra clients create --endpoint http://127.0.0.1:4445 --id test-app9 --secret secret--skip-tls-verify --grant-types authorization_code,refresh_token,client_credentials,implicit --response-types token,code,id_token --scope profile --callbacks http://127.0.0.1:8088/auth/callback --token-endpoint-auth-method client_secret_post -g client_credentials
I can indeed see the client appearing in the postgres DB from the docker-compose demo. The password 'secret' is hashed in the DB.
Here is my single Sinatra file acting as the Oauth2.0 client:
require 'rubygems'
require 'sinatra'
require 'oauth2'
require 'json'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
# If you add your authentication in the header then use ~Sclient_secret_basic~T
# If you add your authentication details in the post use ~Sclient_secret_post~T
def client
OAuth2::Client.new('test-app9',
'secret',
# 'c2VjcmV0',
:site => "http://127.0.0.1:4445",
:logger => Logger.new('example.log'),
:authorize_url => "http://127.0.0.1:4444/oauth2/auth",
:token_url => "http://hydra:4444/oauth2/token")
end
set :root, File.dirname(__FILE__)
set :views, Proc.new { File.join(root, "views") }
set :run, true
set :port, 80
get "/" do
erb :index
end
get '/auth' do
authorization_url = client.auth_code.authorize_url(:redirect_uri => redirect_uri, :response_type => "code", :scope => "profile", :state => "pqrst1234")
puts "Redirecting to URL: #{authorization_url.inspect}"
redirect authorization_url
end
get '/auth/callback' do
begin
access_token = client.auth_code.get_token(params[:code], :redirect_uri => redirect_uri, :client_id => "test-app9", :client_secret => 'secret', :headers => {'Authorization' => 'basic_auth_header', 'client_id' => 'test-app9', 'client_secret' => 'c2VjcmV0'} )
api_url = "/me.json"
me = JSON.parse(access_token.get(api_url).body)
erb "<p>Your data:\n#{me.inspect}</p>"
rescue OAuth2::Error => e
erb %(<p>Wassup #{$!}</p><p>Retry</p>)
end
end
get '/auth/failure' do
erb "<h1>Authentication Failed:</h1><h3>message:<h3> <pre>#{params}</pre>"
end
def redirect_uri(path = '/auth/callback', query = nil)
uri = URI.parse(request.url)
uri.path = path
uri.query = query
uri.to_s
end
__END__
So some interesting notes:
It apparently does not matter what secret I initiate the OAuth2 client with. I can use 'secret' or the base64 encoded 'c2VjcmV0' string. Either way I get up to the token exchange portion.
I was shotgunning this and ended up putting the client_id and the client_secret in what I believe is the proper way to set in the headers as well as the body.
I have tried many variations of this. Can't seem to get the correct syntax that the author of this apparently succeeded with OR I'm hitting a bug (doubtful).
Anyone able to help here?
UPDATE
Fixed this myself. Problem was syntax issue when creating my client 'app'. This is the corrected version.
docker-compose -f quickstart.yml exec hydra hydra clients create --endpoint http://127.0.0.1:4445 --id test-app10 --secret secret --skip-tls-verify --grant-types authorization_code,refresh_token,client_credentials,implicit --response-types token,code,id_token --scope profile --callbacks http://127.0.0.1:8088/auth/callback --token-endpoint-auth-method client_secret_post -g client_credentials

Ruby Datamapper connection with SSL to MariaDB on Amazon RDS

How do I establish a ruby Datamapper connection to MariaDB on Amazon RDS with SSL?
Here's what I did:
A non-SSL connection works when testing with:
uri = 'mysql://user:pass#host:port/db_name'
connection = DataObjects::Connection.new(uri)
=> #<DataObjects::Mysql::Connection:0x000056179a3a5921
connection.secure?
=> false
According to the MySQL datamapper wiki, an ssl connection requires the following options: :ssl_ca, :client_key, and :client_cert.
This would result in the following code:
uri = 'mysql://user:pass#host:port/db_name?'
ssl_opts = 'ssl[ssl_ca]=file&ssl[client_key]=file&ssl[client_cert]=file'
connection = DataObjects::Connection.new(uri + ssl_opts)
connection.secure?
=> false
However the only files get is the RDS combind CA bundle, refered from the RDS docs
I do not have a client_cert at all.
Connecting with the mysql client on cli works with SSL:
mysql --ssl -h host -u user -p pass db_name
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1638
Server version: 10.1.26-MariaDB MariaDB Server
In doc
https://github.com/datamapper/do/wiki/MySQL
It also says
as tested only ca_cert was required to connect to RDS.
So try adding only ca_cert path and do a test
There's only one parameter required: :ssl => {:ca_cert => 'pem_file'}.
However it looks like using uri string for configuration does not work. The reason is a limitation in Addressable::Uri. It cannot handle query strings which aim to represent hashes with more than 1 level.
The good news is that it works using DataMapper.setup with a config Hash:
DataMapper.setup(:default,
:adapter => 'mysql',
:user => 'user',
:database => 'db_name',
:host => 'host',
:password => 'pass',
:ssl => {
:ca_cert => '/path/to/rds-combined-ca-bundle.pem'
}
)

Redis::TimeoutError in Rails application

I keep getting Redis::Timeout error in my application (both in UI and in background jobs). I am using AWS ElastiCache service for Redis.
This is how I create a Redis connection. In my config/application.rb , I have:
$redis = Redis.new(host: REDIS_HOST, port: REDIS_PORT, db: REDIS_DB)
How can I avoid getting timeout errors? I am using the default connection settings as follows:
> $redis.client.options[:reconnect_attempts]
=> 1
> $redis.client.options[:timeout]
=> 5.0
> $redis.client.options[:tcp_keepalive]
=> 0
> $redis.client.options[:inherit_socket]
=> false
You should pool your Redis connections with the help of the Connection Pool Gem and increase the timeout value if the problem persists:
ConnectionPool.new(size: 5, timeout: 3) {Redis.new({:host => 'localhost', :port => 6379, :db => 1, :timeout => 240})}
Redis Gem

dalli on heroku not caching

I want to enable action caching in my rails app on heroku.
In development.rb I set:
config.action_controller.perform_caching = true
and see in logs
Started GET "..." for 127.0.0.1 at 2013-05-17 14:03:25 +0400
...
Write fragment ...
OR
Read fragment ... (0.2ms)
->
To move to production I installed memcache add-on via $heroku addons:add memcache , installed new gem in Gemfile: gem 'dalli' and changed settings in production.rb:
config.action_controller.perform_caching = true
config.cache_store = :dalli_store #, ENV['MEMCACHE_SERVERS'], { :namespace => 'myapp', :expires_in => 1.day, :compress => true }
I have also tried to enable those two commented parameters, but anyway I don't see Read/Write fragment ... pieces in logs, I see that app gets authenticated, but cache is always missing
Started GET "..." for 195.178.108.38 at 2013-05-17 09:54:19 +0000
Dalli/SASL authenticating as myapp%40heroku.com
Dalli/SASL: Authenticated
cache: [GET ...] miss
Running $heroku run console I check that the cache is loading:
irb(main):001:0> Rails.cache.read('color')
Dalli/SASL authenticating as myapp%40heroku.com
Dalli/SASL: Authenticated
=> nil
irb(main):002:0> Rails.cache.write('color', 'red')
=> true
irb(main):003:0> Rails.cache.read('color')
=> "red"
Why action caching does not work?
Can you try using memcachier instead?
remove memcahe add-on
add memcachier add-on
add "memcachier" gem just above "dalli" in your gem file
it should "just work"
See here in the DevCenter: Memcachier

Is there any way to get resque-web to work with Redis To Go hosted redis instance?

Is there any way to get resque-web to work with a Redis To Go hosted redis instance?
UPDATE:
#Nemo157's suggestion was correct. Ended up creating a test-evn.rb containing:
uri = URI.parse(" redis://XXXX#catfish.redistogo.com:9122")
Resque.redis = Redis.new(:host => uri.host, :port => uri.port, :password => uri.password)
Pass it the config file you're using to setup redis in the app, e.g.
resque-web ./environment.rb
where environment.rb contains something like:
Resque.redis = Redis.new(:host => "path.to.host", :port => 6379)
Note: I haven't tested this since all my redis instances have been on localhost, but that's my understanding of how it works.

Resources