From 25c174870fec0e020afabe9f1a77439300b3a05c Mon Sep 17 00:00:00 2001
From: "Justin M. Wray"
Date: Mon, 5 Jun 2017 18:00:01 -0400
Subject: [PATCH] Merge of /master into /dev - Baseline for Development (#509)

* add hindi translation
* added hindi translation
* Update lang_hi.php

* Error Checking During Build Tests (#452)
* Error Checking During Build Tests
* Execute hh_client during build tests.
* Currently the PHP built-in getimagesizefromstring function is not in the HHVM upstream hhi, and therefore generates an error. In the future, once getimagesizefromstring is added upstream, we should use the hh_client exit status.
* * Readded execute permissions to the script.

* HHVM/Hack Typing Error Fixes (#450)
* HHVM/Hack Typing Error Fixes
* Fixed a few HHVM/Hack typing and strict compliance issues.
* This is necessary before hh_client can run and be enforced during the build process. (See comments on #435)
* * Updated formatting.

* Require bxslider version 4.2.6 (Fixes #455) (#458)
* This resolves a current build error #455.
* bxslider was updated from 4.2.6 to 4.2.7 on February 14th. Previously FBCTF allowed for a near match to 4.2.6. However, FBCTF fails to build with 4.2.7. During the installation process, grunt failed to build the browserify javascript.

* Fixed Syntax Errors in Hindi Language (Fixes Build Errors) (#460)
* Fixed minor syntax error due to character encoding.
* This will ensure the project builds (no Hack errors).

* Automated Game Start and Stop (#449)
* Automated Game Start and Stop
* Games will automatically start and stop at their scheduled times. Administrators can still manually start or stop a game regardless of the configured schedule.
* Both Control::genAutoBegin() and Control::genAutoEnd() were added to check the current time against the scheduled start or stop time and perform the relevant action (Control::genBegin or Control::getEnd).
* Control::genAutoRun() checks the current game status and determines if the game should be starting or ending, calling the appropriate function (Control::genAutoBegin or Control::getAutoEnd) and is exclusively used in the new autorun.php script.
* Control::genRunAutoRunScript() runs the new autorun.php script, ensuring the script is not already running before starting a new copy.
* The Router class was updated to include a call to Control::genRunAutoRunScript(), this ensures the script is always running. This script status check, and execution when needed, only takes place on a full page load.
* The autorun.php script runs Control::genAutoRun() and sleeps up to 30 seconds.
* If the game is scheduled to start or stop within 30 seconds, the script will sleep for the necessary amount of time.
* Games will always start with at most a 29-second difference from the scheduled time. This discrepancy can only take place if the schedule is changed within 30 seconds of the previously scheduled time. Otherwise, the execution will happen at the scheduled time.
* This automation is self-contained and requires no additional dependencies or external services (like cron, etc.).
* * Allow administrators to define the cycle time (in seconds) for the autorun process. This time will be used for the sliding sleep.
* * Added sanitization to the autorun script path/file.

* Attachments and Links Import/Export, Database Restore, and Control Cleanup (#451)
* Attachments and Links Import/Export, Database Restore, and Control Cleanup
* Attachments can now be exported and imported. On export, attachments are downloaded into a Tar Gzip and securely extracted on import.
* Links and Attachments data is now provided within the Levels export. Users must import both the Level data and the Attachment files to restore the levels with attachments.
* A database restore option has been added which utilizes the backed up database content. This overwrites all data in the database.
* The Control page has been reorganized to align the various functionality better.
* Memcached flushing has been added to all relevant data imports.
* Error handling has been added to the various import functions.
* * Removed getter function for the Attachment constant.
* Switched double quotes with single quotes.
* Update README.md
* Update README.md
* Update README.md
* Update README.md

* Live Sync API (#459)
* Live Sync API
* Introducing the Live Sync API.
* The Live Sync API allows administrators to import game activity in near-real-time. Users can link their accounts on one or more FBCTF platform instances and their scores will be automatically imported into the systems that have been linked.
* The primary use-case revolves around event aggregation across multiple FBCTF instances. Event organizers can now separate FBCTF instances and combine scores into one global scoreboard.
* The Live Sync API will import Levels, Categories, Scoring Events, and Hint Usage. Scores are automatically calculated, and bonuses are updated to ensure accurate scoring across linked FBCTF instances.
* Administrators determine which systems, if any, are linked.
* Users must link their account in order for their activity to be synced.
* The UI/UX of FBCTF has been updated to include a mechanism for users to configure their Live Sync credentials.
* Users cannot obtain hints or capture levels on the importing system.
* The API is JSON based and the schema is generalized so that it can be leveraged by other platforms or external processes. So data can be synced from non-FBCTF platforms.
* The importing script will automatically handle country conflicts (if two systems have the same country selected for a level).
* USER GUIDE (Documentation):
* Users must first have an account on all FBCTF instances they wish to link.
* The user must then login and access the game board.
* From the navigation menu, the user should select "Account."
* The user must then set a Live Sync username and password. The Live Sync username and password must not be their login credentials. In fact, users are prohibited from using their account password as their Live Sync password.
* The user would repeat the above steps for each FBCTF instance they wish to link. The Live Sync credentials must be the same on each FBCTF instance or their accounts will not be linked.
* ADMIN GUIDE (Documentation):
* The admin is free to sync as many platforms as they desire. Additionally the admin may import from as many API sources as they desire.
* The admin will need to launch the "live import" script, on any importing systems, from the command-line:
* `hhvm -vRepo.Central.Path=/var/run/hhvm/.hhvm.hhbc_liveimport /var/www/fbctf/src/scripts/liveimport.php `
* Disabling of the SSL Verification and Debugging are both optional. The URL(s) and Sleep time are required arguments.
* EXAMPLE: `hhvm -vRepo.Central.Path=/var/run/hhvm/.hhvm.hhbc_liveimport /var/www/fbctf/src/scripts/liveimport.php "https://10.10.10.101/data/livesync.php https://10.10.10.102/data/livesync.php https://10.10.10.103/other/platform/api" 300 true true`
* API SCHEMA (JSON):
* JSON: [{"active":true,"type":"flag","title":"Example Level 1","description":"This is the first example level.","entity_iso_code":"TJ","category":"None","points":100,"bonus":30,"bonus_dec":10,"penalty":10,"teams":{"fbctf:user1:$2y$12$a1T4KyqqxADi3YIJ7M2sf.VoSHz6qMBx.zrxAIvZnD8de95EsLeny":{"timestamp":"2017-02-17 02:20:22","capture":true,"hint":false}}}]
* Explained (Formatted output for readability - the actual data must be in valid JSON format):

    [0] => Array
    (
        [active] => 1 // Level Status (Enabled/Disabled)
        [type] => flag // Level Type (Flag or Quiz)
        [title] => Example Level 1 // Level Name
        [description] => This is the first example level. // Level Description
        [entity_iso_code] => US // Country Code (Mapping)
        [category] => None // Level Category
        [points] => 100 // Points
        [bonus] => 30 // Bonus Points
        [bonus_dec] => 10 // Bonus Point Decrement
        [penalty] => 0 // Hint Cost
        [teams] => Array
        (
            [fbctf:user3:$2y$12$GIR7V0Q2OMDv8cTTOnzKVpGYgR4.pWTsPRHtZ3yenKZ9JxOabx4m2] => Array // Live Sync Type, Live Sync Username, Live Sync Key (Hash)
            (
                [timestamp] => 2017-02-17 01:09:24 // Activity Timestamp
                [capture] => 1 // Capture Status
                [hint] => // Hint Used
            )
        )
    )

* Example (Formatted output for readability - the actual data must be in valid JSON format):

    Array
    (
        [0] => Array
        (
            [active] => 1
            [type] => flag
            [title] => Example Level 1
            [description] => This is the first example level.
            [entity_iso_code] => US
            [category] => None
            [points] => 100
            [bonus] => 30
            [bonus_dec] => 10
            [penalty] => 0
            [teams] => Array
            (
            )
        )
        [1] => Array
        (
            [active] => 1
            [type] => flag
            [title] => Example Level 2
            [description] => This is the second example level.
            [entity_iso_code] => OM
            [category] => None
            [points] => 100
            [bonus] => 30
            [bonus_dec] => 10
            [penalty] => 0
            [teams] => Array
            (
                [fbctf:user1:$2y$12$n.VmlNNwxmZ/OkGGuhVhFeX0VExAgjoaYzyetLCIemSXN/yxWXLyO] => Array
                (
                    [timestamp] => 2017-02-17 01:01:49
                    [capture] => 1
                    [hint] => 1
                )
                [fbctf:user2:$2y$12$GIDv8cR7V0nzKVpQ2OMTTOGYgR4.pWTxOPRH9abtsJZ3yenKZx4m2] => Array
                (
                    [timestamp] => 2017-02-17 01:21:13
                    [capture] => 1
                    [hint] => 1
                )
            )
        )
        [2] => Array
        (
            [active] => 1
            [type] => flag
            [title] => Example Level 3
            [description] => This is the third example level.
            [entity_iso_code] => MA
            [category] => None
            [points] => 100
            [bonus] => 30
            [bonus_dec] => 10
            [penalty] => 0
            [teams] => Array
            (
                [fbctf:user2:$2y$12$GIDv8cR7VpQ2OM0nzKVTTOGYgR4.pWTxOabtsPRH9JZ3yenKZx4m2] => Array
                (
                    [timestamp] => 2017-02-17 01:18:45
                    [capture] => 1
                    [hint] =>
                )
                [fbctf:user1:$2y$12$n.VmlNNwxmZ/OkGGuhVhFeXYzExAg0VoajyetLCIemSXN/yxWXLyO] => Array
                (
                    [timestamp] => 2017-02-17 01:01:41
                    [capture] => 1
                    [hint] =>
                )
            )
        )
        [3] => Array
        (
            [active] => 1
            [type] => flag
            [title] => Example Level 4
            [description] => This is the second example level.
            [entity_iso_code] => RO
            [category] => None
            [points] => 100
            [bonus] => 30
            [bonus_dec] => 10
            [penalty] => 0
            [teams] => Array
            (
                [fbctf:user3:$2y$12$GIDv8cR7V02OnzKVpQMTTOGYgR4.pWTsPOabtZRH9Jx3yenKZx4m2] => Array
                (
                    [timestamp] => 2017-02-17 01:09:24
                    [capture] => 1
                    [hint] =>
                )
            )
        )
    )

* TO DO (Enhancements):
* Implemented alternative Live Sync key/authentication mechanisms, such as: Facebook Login, OAuth, etc.
* Improve the processing of Bases/Progressive scoring.
* Integrate password strength enforcement for the Live Sync credentials.
* * Added unit tests for Live Sync to TeamTest
* * Updated unit tests for the Live Sync API.
* Added Google OAuth to Live Sync API
* Google OAuth can now be used with the Live Sync when the exporting system provides the "google_oauth" type and provides the email address of the user in base64 encoded form.
* Added Google OAuth UI/UX. If enabled, this allows a user to link their Google account to their FBCTF account using Google OAuth. The user simply navigates to the account page and clicks the "Link Your Google Account" button and completes the sign-in/authorization process.
* Administrators must enable Google OAuth. When disabled the option does not appear for the users. To enable Google OAuth the administrator must first create a Google API account and then place the API secrets file on the system (in a non-web directory). The administrator would then set the full path to the API secrets file in the settings.ini file, within the GOOGLE_OAUTH_FILE field.
* The Live Sync API has been updated to handle the "google_oauth" type case.
* The liveimport.php script has been updated to set default values for some of the API fields. The following fields are mandatory:
* title
* description
* points
* teams
* The live import code has also been updated to ensure duplicate levels, when using a combination of non-defined and defined countries, are not generated.
* The project now requires google/apiclient ^2.0 from composer. Updated composer.json and composer.lock to define the new dependencies.
* Minor formatting updates.
* * Ensure mandatory fields are set, gracefully skip when they are not.
* Refined Live Import CLI Options and Updated Google OAuth Data
* The live sync import script (livesync.php) now utilizes `getopts()` to provide more user-friendly option input to the command-line script. The script will provide a help message upon usage without the required field(s). Here is the help message text:
```
Usage: hhvm -vRepo.Central.Path=/var/run/hhvm/.hhvm.hhbc_liveimport /var/www/fbctf/src/scripts/liveimport.php --url [Switched allowed multiple times. Optionally provide custom HTTP headers after URL, pipe delimited] --sleep