cassiopc / boca Goto Github PK

What is this issue about?

The incorrect IP is obtained for all users when BOCA runs behind a reverse proxy (e.g., Traefik).

The problem occurs because in the part of the code in which the user IP is obtained only the environment variable REMOTE_ADDR is taken into account. It's important to keep in mind that running BOCA with a reverse proxy, REMOTE_ADDR will be always the proxy's IP (even though users have logged in from different machines), thus BOCA will show the same IP for all users.

https://github.com/cassiopc/boca/blob/master/src/globals.php#L258-L259

This issue allows to bypass the MultiLogins option set to 'No' when using BOCA + reverse proxy (that means that the same user account could be potentially used to log in from different machines).

How to test it?

• Requirements
  • Git
  • Docker

git clone --branch test_fix_getip_proxy https://github.com/rlaiola/boca.git
cd boca
# Launch application (it may take a while)
docker compose up -d
# Open a web browser and visit the URL http://localhost/boca.
# First, create and activate a BOCA contest (user: system | password: boca).
# Then, login as admin (user: admin | password: boca).
# Visit the users' page to see that the admin IP is 192.168.0.100
# To stop the application:
docker compose down

Hi 

I'm interested on working on different clients to publish information about the 
contest - following the rules of the Tournament - and it would be helpful to 
have a Message Bus, where my clients could connect to have real time event 
notifications for  important events, like when a problem was solved, when the 
contest was stopped and so on. 

I'm willing to help with the implementation details. But i would like to 
discuss first if is a good idea before starting to code anything.

Thanks 

Original issue reported on code.google.com by [email protected] on 8 Jul 2013 at 5:07

What is this issue about?

The User Interface (UI) shows the user full name instead of the username.

The problem occurs in the following files:

https://github.com/cassiopc/boca/blob/master/src/admin/header.php#L65
https://github.com/cassiopc/boca/blob/master/src/judge/header.php#L69
https://github.com/cassiopc/boca/blob/master/src/score/header.php#L51
https://github.com/cassiopc/boca/blob/master/src/staff/header.php#L54
https://github.com/cassiopc/boca/blob/master/src/system/header.php#L51
https://github.com/cassiopc/boca/blob/master/src/team/header.php#L54

How to test it?

• Requirements
  • Git
  • Docker

git clone --branch test_master https://github.com/rlaiola/boca.git
cd boca
# Launch application (it may take a while)
docker compose up -d
# Open a web browser and visit the URL http://localhost:8000/boca.
# First, create and activate a BOCA contest (user: system | password: boca).
# Then, login as admin (user: admin | password: boca).
# To stop the application:
docker compose down

What is this issue about?

If the autojudge is started before a contest is created and activated, it is necessary to kill the process and restart it in order to have the runs of that contest judged. The problem also happens if one creates and activates yet another contest, jail (autojudge) will not judge runs of the just activated contest until it is restarted.

The problem occurs because in the autojudge code the variable that holds the active contest is set here...

https://github.com/cassiopc/boca/blob/master/src/private/autojudging.php#L82

but it's never updated inside the infinite loop. Thus the autojudge gets stuck here...

https://github.com/cassiopc/boca/blob/master/src/private/autojudging.php#L87-L96

This seems to be an unexpected behavior (at least from a contest creator perspective) and, more importantly, it requires human intervention to make it work (that is, autojudge needs to be restarted) every single time another contest is activated. Although creating and activating different contests on the same host machine might not be a frequent use case, this imposes a caveat.

How to test it?

In order to demonstrate the problem, a dockerized version of BOCA is used.

1. Open a Terminal window and make sure Docker Desktop/CE is up and running;

   

2. Download/save the docker-compose.yml file and place it in the shell current directory (~/Downloads in the example);

   docker-compose.yml

   version: '3.8'
   
   services:
   
       # web app
       boca-web:
           image: ghcr.io/joaofazolo/boca-docker/boca-web:1.1.0
           depends_on:
               - boca-db
           restart: unless-stopped
           environment:
               # database configuration
               # privileged user password
               - BOCA_DB_SUPER_PASSWORD=dAm0HAiC
           ports: 
               - 8000:80
   
       # online judge
       boca-jail:
           image: ghcr.io/joaofazolo/boca-docker/boca-jail:1.1.0
           depends_on:
               - boca-db
           restart: unless-stopped
   
       # database
       boca-db:
           image: postgres:14-alpine
           environment:
               # database configuration
               # privileged user password
               - POSTGRES_PASSWORD=dAm0HAiC
   
   

3. Then, run:

    docker-compose -f docker-compose.yml up -d
   

   

   NOTE: In this example the autojudge (downloads-boca-jail-1) is started alongside the web service (downloads-boca-web-1). Therefore, $activecontest=DBGetActiveContest(); will be set to 0 (Fake contest) as soon as autojudge is up and running (and before a new contest is created via the web interface).

4. Open a Web browser, visit localhost:8000/boca and log in with the credentials Name: system | Password: boca;

5. Click on the 'Contest' menu (top/left) and select 'new' in the ComboBox;

6. Leave the form as it is, click on the button 'Send' (confirm it) and then on 'Activate' (confirm it). You will be automatically logged out;

   

   NOTE: The id (Contest number) of this contest is 1, which is different from the value of the aforementioned $activecontest variable at the autojudge.

7. Log in with the credentials Name: admin | Password: boca;

8. Click on the 'Problems' menu and fill in the form with the information below. Download the problem file from here and choose it in the 'Choose File' button. Click on the 'Send' button and confirm ('OK'). The new problem must appear in the list;

   Number:	1
   Short Name (usually a letter, no spaces): abacaxi
   Problem package (ZIP): abacaxi.zip
   Color name: green
   Color (RGB HTML format): 00FF00
   

   

9. Click on the 'Users' menu and fill in the form with the information below. Click on the 'Send' button and confirm ('OK'). The new user must appear in the list. After that, just log out;

   User Site Number: 1
   User Number: 2000
   Username: topcoder
   ICPC ID: 
   Type: Team
   Enabled: Yes
   MultiLogins (local teams should be set to No): No
   User Full Name: 
   User Description: 
   User IP: 
   Password: boca
   Retype Password: boca
   Allow password change: No
   Admin (this user) Password: boca
   

   

10. Next, log in with the credentials Name: topcoder | Password: boca. Once the contest starts, click on the 'Runs' menu and fill in the form with the information below. It doesn't really matter the source code file, just pick a file, click on the 'Send' button and confirm ('OK'). The new run must appear in the list. After that, just log out;

    Problem: abacaxi
    Language: C
    Source code: teste.c
    

    

11. Log in once again with the credentials Name: admin | Password: boca and click on the 'Runs' menu. Although the autojudge is up and running, it will not judge the submitted run due to the problem described above;

    

12. In order to 'fix' that it is necessary to restart the autojudge. In this example, this is achieved restarting the container with the command below (change the container name accordingly):

    docker restart downloads-boca-jail-1
    

    

13. Just reload the current web page (that is 'Runs' logged in as admin), click on the run number and you will be able to see that it was judged by the autojudge;

    

14. To stop the application (considering that the shell is in the same directory):

     docker-compose -f docker-compose.yml down
    

A saida do programa sera mais ou menos assim:
1 16 é um numero perfeito, e sua raiz é 4.
Lembrando que para fazer isso, a magica esta nos numero impares, caso a soma 
dos mesmo seja igual ao numero digitado.
EX:
1+3+5+7 = 16.

Original issue reported on code.google.com by [email protected] on 1 Mar 2013 at 7:00

What is this issue about?

Teams (users) cannot log in from different Web browsers (User Agents) when BOCA runs behind a reverse proxy (e.g., Traefik), which allows for a custom URL like inf.university.br/boca, even though the MultiLogins option is set to 'Yes'.

The problem occurs because in the part of the code in which the User Agent is considered the usermultilogin flag is not taken into account. It's important to keep in mind that running BOCA with a reverse proxy, all User IPs will be always the same (actually, they will have the proxy's IP).

https://github.com/cassiopc/boca/blob/master/src/flog.php#L166-L189

This issue does not allow using BOCA + reverse proxy to host remote programing contests, in which even the team members are non-collocated (considering all of them would be able to log in with the same account credentials).

How to test it?

In order to rapidly demonstrate the problem, a dockerized version of BOCA is used.

docker-compose.yml

version: '3'

services:

    traefik:
        image: "traefik:v2.6"
        container_name: "traefik"
        command:
              #- "--log.level=DEBUG"
              - "--api.insecure=true"
              - "--providers.docker=true"
              - "--providers.docker.exposedbydefault=false"
              - "--entrypoints.web.address=:80"
        ports:
              - "80:80"
              - "8080:8080"
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock:ro"

    boca-web:
        image: ghcr.io/joaofazolo/boca-docker/boca-web:1.0.0
        privileged: true
        restart: unless-stopped
        depends_on:
            - boca-postgres
        environment:
            # Database configuration
            - DB_HOST=boca-postgres
            - DB_PORT=5432
            - DB_NAME=bocadb
            # unprivileged boca user
            - DB_USER=bocauser
            - DB_PASSWORD=dAm0HAiC
            # privileged boca user
            - DB_SUPER_USER=bocauser
            - DB_SUPER_PASSWORD=dAm0HAiC
            # initial password that is used by the admin user (web app)
            # If not set, the default value is 'boca'
            - BOCA_PASSWORD=boca
            # secret key to be used in HTTP headers
            # MUST set it with any random large enough sequence
            - BOCA_KEY=GG56KFJtNDBGjJprR6ex
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.boca.rule=Host(`localhost`) && PathPrefix(`/boca`)"
            - "traefik.http.routers.boca.entrypoints=web"
            - "traefik.http.services.boca.loadbalancer.server.port=80"

    boca-jail:
        image: ghcr.io/joaofazolo/boca-docker/boca-jail:1.0.0
        privileged: true
        restart: unless-stopped
        depends_on:
            - boca-postgres
        environment:
            # Database configuration
            - DB_HOST=boca-postgres
            - DB_PORT=5432
            - DB_NAME=bocadb
            # unprivileged boca user
            - DB_USER=bocauser
            - DB_PASSWORD=dAm0HAiC
            - PASSWD=dAm0HAiC

    boca-postgres:
        image: postgres
        container_name: boca-postgres
        restart: unless-stopped
        environment:
            # Database configuration
            # privileged boca user
            POSTGRES_USER: bocauser
            POSTGRES_PASSWORD: dAm0HAiC

1. Open a Terminal window and make sure Docker Desktop/CE is up and running;

2. Download/save the file docker-compose.yml and place it in the shell current directory (~/Downloads in the example). Then, run:

    docker-compose -f docker-compose.yml up -d
   

1. Open a Web browser, visit localhost/boca and log in with the credentials Name: system | Password: boca;
2. Click on the 'Contest' menu (top/left) and select 'new' in the ComboBox;
3. Leave the form as it is, click on the button 'Send' (confirm it) and then on 'Activate' (confirm it). You will be automatically logged out;
4. Log in with the credentials Name: admin | Password: boca;
5. Click on the 'Users' menu and fill in the form with the information below (IMPORTANT: the MultiLogins field must be set to YES). Click on the 'Send' button. The new user must appear in the list. After that, just log out.

    User Site Number: 1
    User Number: 2000
    Username: topcoder
    ICPC ID: 
    Type: Team
    Enabled: Yes
    MultiLogins (local teams should be set to No): Yes
    User Full Name: 
    User Description: 
    User IP: 
    Password: boca
    Retype Password: boca
    Allow password change: No
    Admin (this user) Password: boca

1. In order to reproduce the problem, it is necessary to log in using 2 different User Agents (Web browsers) using the credentials Name: topcoder | Password: boca;

   Example: First, logging in Google Chrome and then trying to do the same in Safari.

   

2. To stop the application (considering that the shell is in the same directory):

    docker-compose -f docker-compose.yml down
   

Hi,

I'm really interestedin contributing to your project developing new features. Please let me know if you need some help with that.
Best Regards!

Is there an initiative to have a Dockerfile or a Vagrantfile to easly provide a BOCA installation?

"safeexec.c" isn't compatible with mono .NET framework

The problem is due to this code snippet (since commit 17da397):

https://github.com/cassiopc/boca/blob/master/src/optionlower.php#L32-L35

Wouldn't it make more sense to prevent teams to update their password using the admin's UI? I mean, setting the "Allow password change: No" option in /boca/admin/user.php

Team users cannot change their password even if the admin user sets this option to "Yes".

Thanks!

Maybe it would be best to order runs with recent runs first and place the submission form as the first item on that page. That way teams with a lot of submissions won't need to scroll to submit.

Hi 

I'm interested on working on different clients to publish information about the 
contest - following the rules of the Tournament - and it would be helpful 
having a API to query all the information of the contest. For simplicity I 
recommend an REST API. 

I'm willing to help with the implementations details. But i would like to 
discuss first if is a good idea before starting to code anything. 


Thanks

Original issue reported on code.google.com by [email protected] on 8 Jul 2013 at 5:00