Re: Scoping of variables in _whimsy

[Craig Russell]

Thanks for all the help. I'm now able to test everything with the coi.cgi application. I've added an application password to gmail that allows me to access my gmail account from the ruby mail tool via the password in ~/.whimsy. I've changed the group and access rights for the local ~/.whimsy file to _www to allow httpd to access it. I've verified that I can read and create files in the documents/conflict-of-interest directory.  Now, I'm asking for a full review of the code that I've written. I'm having trouble accessing my github/gitbox accounts so I've attached the file here. I cannot update the coi branch until this is resolved. Some things to note: There are a few things that are used for both GET and POST, and I've attempted to properly capitalize them. But the code is still a bit unusual. I've disabled the commit of the affirmation file so it can be more easily tested.  I've disabled the cc: secretary on the confirmation email so it can be more easily tested. Any comments about style, indentation, grammar, best practices, etc. are fair comments. Thanks in advance for any comments. Craig

coi.cgi
Description: Binary data

On Jun 23, 2020, at 8:21 AM, Craig Russell <apache....@gmail.com> wrote: On Jun 23, 2020, at 3:10 AM, Sam Ruby <ru...@intertwingly.net> wrote: On Tue, Jun 23, 2020 at 5:16 AM sebb <seb...@gmail.com> wrote: I use Python to run a local mail debugger: $ python -m smtpd -n -c DebuggingServer localhost:1025 :sendmail: address: localhost port: 1025 delivery_method: smtp Cool!  This should be added to one of the markdown files in the whimsy repository..  Here's another option: https://nodemailer.com/smtp/testing/ Craig - it looks like gmail has changed.  It's their service, if you use it, I guess you need to abide by their changing rules. You should have gotten an email with a subject line of "Critical security alert" that explained that the "Sign-in attempt was blocked" and leads you to the following page: https://support.google.com/accounts/answer/185833 This, too, should be updated in the markdown files. I've temporarily set Google to allow malicious apps to use the email account. If I continue I will enable application password but for now, the local mail test program works ok. Finally, you can see what user and group the apache server runs under by looking at /etc/apache2/httpd.conf.  Search for User.  Either this user need to be able to read your ~/.whimsy file, or you need to change httpd.conf to use a different user.   It is set up for user _www group _www. I tried to make .whimsy readable by group _www but I cannot because I'm not in group _www. In fact, I cannot find user _www or group _www in my Apple Users and Groups. So how do I allow httpd to access .whimsy? If you change the user, some of the subdirectories in /srv will need their permissions changed.  setupmymac has a --user option which will change the server and these directories to run with your user id.  If you do that, you might want to lock down your server: https://github.com/apache/whimsy/blob/master/MACOSX.md#configure-apache-httpd-to-run-under-your-user-id - Sam Ruby Craig L Russell c...@apache.org Craig L Russell c...@apache.org