openhpi / codeocean Goto Github PK

If a user tries to export an exercise without setting up a CodeHarbor link, the UUID check might fail.

Sentry Issue: [CODEOCEAN-9]

NoMethodError: undefined method `check_uuid_url' for nil:NilClass
  app/services/exercise_service/check_external.rb:34:in `connection'
    Faraday.new(url: @codeharbor_link.check_uuid_url) do |faraday|
  app/services/exercise_service/check_external.rb:11:in `execute'
    response = connection.post do |req|
  app/services/service_base.rb:5:in `call'
    new(*args).execute
  app/controllers/exercises_controller.rb:125:in `export_external_check'
    codeharbor_check = ExerciseService::CheckExternal.call(uuid: @exercise.uuid, codeharbor_link: current_user.codeharbor_link)
...
(90 additional frame(s) were not displayed)

When uploading a file that is not UTF-8 encoded, the database might error when inserting the file content. We might consider adding some validations to Rails or change the encoding prior to uploading the file. Attached is some more information with an example.

Sentry Issue: [CODEOCEAN-2]

PG::CharacterNotInRepertoire: ERROR:  invalid byte sequence for encoding "UTF8": 0xf4 0x74 0x65 0x5f

  app/controllers/concerns/common_behavior.rb:41:in `block in update_and_respond'
    if @object.update(options[:params])
  app/controllers/concerns/common_behavior.rb:40:in `update_and_respond'
    respond_to do |format|
  app/controllers/exercises_controller.rb:459:in `update'
    update_and_respond(object: @exercise, params: myparam)
...
(185 additional frame(s) were not displayed)

ActiveRecord::StatementInvalid: PG::CharacterNotInRepertoire: ERROR:  invalid byte sequence for encoding "UTF8": 0xf4 0x74 0x65 0x5f
: INSERT INTO "files" ("content", "context_id", "context_type", "file_type_id", "hidden", "name", "read_only", "created_at", "updated_at", "role", "hashed_content", "feedback_message", "path") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) RETURNING "id"

Explanation (in German):

Und das mit der Côte d’Ivoire ist eine spannende Sache. Ich habe es auch geschafft, das nachzustellen. Von daher weiß ich jetzt, was passiert: Die Datei, die Du hochlädt, ist nicht UTF-8 codiert. Dort würde ein ô hexadezimal durch die beiden Zeichen 0xC3 0xB4 dargestellt werden. Stattdessen verwendet die Datei die Windows-typische Darstellung mit 0xF4, also nur ein Byte. In UTF-8 bedeutet der Beginn mit Präfix 0xF.. allerdings, dass ein Zeichen aus insgesamt vier Byte bestehend folgen wird, wie bspw. dieser Smiley 😎, Hex: 0xF0 0x9F 0x98 0x8E. Der Import schlägt also fehl, weil die folgenden Zeichen bereits normale weitere Zeichen sind (t = 0x74, e = 0x65, _ = 0x5f) und nicht, wie erwartet, die Fortsetzung des vorherigen Zeichens. Die Datenbank validiert dies und meldet einen Fehler, mit genau den vier Zeichen:

PG::CharacterNotInRepertoire: ERROR:  invalid byte sequence for encoding "UTF8": 0xf4 0x74 0x65 0x5f

Leider ist das Encoding einer Datei (hier also Western / Windows-1252) nicht in der Datei selbst enthalten, man kann also nur mehr oder weniger geschickt raten. Und genau das schlägt hier fehl, die Datei wird nicht mit ihrem korrekten Encoding erkannt und so einfach standardmäßig als UTF-8 behandelt. Daher kommt es zu obigem Fehler. Du kannst also entweder die Datei vorher in echtes UTF-8 konvertieren oder das Zeichen entfernen und nach dem Upload dieses im Web-Interface wieder einfügen. Dann klappt es auf jeden Fall ;). In der Datei expenditure.txt hat es auch funktioniert (Zeile 51), dort wird es korrekt dargestellt.

Attachment: test.txt

CodeOcean can not be executed using the Internet Explorer 11. Loading the editor fails with an error message stating that the browser is not supported.

Also see https://open.hpi.de/courses/pythonjunior2015/question/d4814ca3-fa9a-4f97-8ce2-ce32f11d3f46 for a course participant with that problem.

It would be really, really nice, if you could make some videos about setting up and using codeocean and webpython for noobs like me.

If I delete a file while editing an exercise (/edit route), the collapsed card with the file name is still present but doesn't work anymore. The file is deleted and everything works as expected, but I have this UI glitch. The current behavior is confusing and should be changed.

Code Ocean does not use Rails 4.2, since activerecord-jdbc-adapter is not compatible with Active Record 4.2 yet.

When this issue is fixed, commit 7477d4c can be reverted.

When working with exercises as an admin or teacher, I often need to switch between different views and options. For example, when viewing an exercise (show method in the controller), I miss a link to jump in the implementation mode. In addition, in this view, I miss some actions, such as deleting or cloning that particular exercise. In order to perform these tasks, I need to go back to the index page, search for the title and then use the buttons offered there.

If a test has no errors, the following messages comes: Well done. All tests have been passed.
Please translate this to german for the java course.

As a backend user of CodeOcean, I would like to see the (full) path of files created for an exercise. The path should be shown when viewing an exercise or when editing it (but is not required for implementing, as we have JSTree there). This suggested change will help me to differentiate between different files in different folders with the same name (see current status below).

If you are signed in in the CodeOcean, you can switch between all excercises by changing the URL.

Ways to reproduce the bug:

1. Sign in to the CodeOcean by doing an exercise in openHPI
2. Now you can simply switch between different excercises by changing the excercise number: https://codeocean.openhpi.de/exercises/[try random numbers]/implement

CodeOcean heavily relies on the session that is stored in the cookie and sent to the client. Up to now, this was fine.

However, when using the interactive worksheets, this is about to change:

First, we need to rethink how restrictions (LTI custom_embed_options) are stored. Currently, these are stored in the session without being associated with an exercise, resulting in the fact that these are always applied.

Second, the automated CSRF token validation provided by Rails depends on the session. It generates a value, where one part is put in the HTML and sent to the client. Later, we expect this to be sent together with other requests, such as a POST. The corresponding counterpart is encrypted and stored in the session cookie. Only if both match, the request is seen as valid. For the worksheets, we might now embed multiple frames of CodeOcean and each embedded frame generates its own CSRF. Here, a race condition might occur: An AJAX call using one frame's CSRF and "another frame's" cookie (because the sessions overwrite themselves without notice and globally) will result in an invalid CSRF token. This is logged as 422 Unprocessable entity and results in a red flash notice for the user.

I would like to prevent Feram from showing a failure in the status checks for a PR. Either, we should remove it, submit the findings once (which will prevent them from being found over and over again, I hope 😉) or configure it and resolve them.

On the other hand, it would be nice if Feram would only mark those issues that are being added through the changes shown in the PR.

// CC: @ad-si

Deleting a file in edit doesn't delete the file when updating.
Also binary files are not shown in edit.

Behavior described in #49 is happening again on codeocean.openhpi.de (example link).

The HTML canvas element is not removed when removing all turtle code from a Python exercise. This is unexpected and should be fixed.

Steps to reproduce:

• Run exercise with Turtle output
• Change the program to simply print("Hi")
• The program runs but still displays a white, empty turtle graphics.

Some information would also be useful:

• Nr. of tests
• Sum of points

As a learner, I would like not to be confused with the option to score my code if there are no tests available. So far, some exercises have a string, such as the following, in the description to clarify this:

Hint: This “exercise” does not yield any points, there are no tests for the code here.

When selecting a file in the editor and clicking Run I'd expected to have this file run. Instead the main file is run.

This is seems to be related to the this.active_file in editor/editor.js.erb which is not set when a file is selected. It seems to never change from the default main file set on initialization.

All run actions will therefore always only run the main file rendering user-defined tests useless.

When a user submits an exercise to an LTI consumer, he is automatically redirected to one of three possible pages within CodeOcean. Only one of these displays the grade permanently with a nice progress bar. The other two (feedback request and open RfCs) only display a self-closing flash message for about 10 seconds. This is not ideal and many users raised concerns if their grade was submitted. We should change that experience.

Searching the exercise list for "pt" returns a HTTP Status code of 500 and the following error message:

cc @Felerius who originally found this problem

So that the buttons or something like this arn't the last elements on the screen

As a user, I want to get notified if my browser is incompatible with CodeOcean. In that case, I expect a clear warning message providing me some hints on what to change.

This feature has already been prepared and was active some time ago, but is no longer working as intended (or the browser list is outdated). That should be checked and fixed.
We could always check with IE 11, which is unable to render the ACE editor when implementing an exercise.

When signing in via LTI, CodeOcean saves the consumer_id in the encrypted session along with the external_user_id (our generated id for the given user) and other data. However, the consumer_id is not required here, as the external_user_id uniquely identifies the Consumer. (Note: If the same user [= person] accesses CodeOcean from another consumer, a new user will be created because we only use the consumer_id and the provided external_user_id[given by the consumer]). Therefore, we should be able to remove the consumer_id safely and save storage in the 4 KiB cookie.

For a development installation, it would be convenient if the installation procedure was automated. For that, Vagrant could be used, resulting in a single VM that runs both the application and Docker.

Pressing STRG + ALT + 0 in a CodeOcean editor does nothing.
Expected behavior: an } is inserted at the current cursor position.
Workaround: Inserting the } in another application and copy it over to CodeOcean or using the ALT GR + 0 shortcut.

Like set multiple tasks public

Wie können wir Execution Enviroments bzw. Aufgaben anderen Nutzern zur Verfügung stellen. Vision: Lehrer 1 macht ein Enviroment, Lehrer 2 kann das dann in seinem Unterricht nutzen und weiterentwickeln..

Program run in CodeOcean are run in a TTY and are announcing color support (tput colors returns 8) but the output does not render/stripe such codes. Programs checking and using color cores produce hard to read output such as:

�[1mTraceback�[m (most recent call last):
	2: from tasks.rb:4:in `<main>'
	1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': �[1mcannot load such file -- time_trackerd (�[1;4mLoadError�[m�[1m)
�[m

Best would be if CO would render program output with an actual terminal emulator (such as xterm.js) to support coloring and more.

See http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#upgrading-from-rails-4-2-to-rails-5-0.

Rails 4.2 does not receive patches anymore, except for the most severe security issues.

Code Ocean provides both general help on how to use the platform and specific help for every execution environment, if supplied by the creator.

The first-mentioned help text is currently only dummy text. Before Code Ocean is used in an educational context, a meaningful help text should be composed.

A file classified as user-defined test has a "Test" Run-Button when being active, but nothing happens when the button is clicked. A JavaScript exception is (invisibly to the user) raised:

Uncaught TypeError: this.active_file.filenamereplace is not a function
    at Object.<anonymous> (application-8a1412fc33eff654347382985b1211649492ef23b9736c2e49db2497dc6ddb35.js:formatted:42211)
    at c (application-8a1412fc33eff654347382985b1211649492ef23b9736c2e49db2497dc6ddb35.js:formatted:1982)
    at Object.fireWith [as resolveWith] (application-8a1412fc33eff654347382985b1211649492ef23b9736c2e49db2497dc6ddb35.js:formatted:2033)
    at i (application-8a1412fc33eff654347382985b1211649492ef23b9736c2e49db2497dc6ddb35.js:formatted:3858)
    at XMLHttpRequest.n (application-8a1412fc33eff654347382985b1211649492ef23b9736c2e49db2497dc6ddb35.js:formatted:4136)

The issue seems to be a forgotten dot in app/assets/javascripts/editor/submissions.js.erb#L177.

When I run a (main) file located in a directory I'd expect the file to be run. Instead the file (usually) not found.

The path seems to be completely ignored. If the file to be run is e.g. bin/tasks.rb, CodeOcean tries to run the file tasks.rb, which, usually, not exists.

Wie kann man CodeOcean dazu bringen die Docker Container in einer Public Cloud zu starten.

Fragen: Verträgt sich das mit dem momentanen Pooling Ansatz?
Was muss man sonst noch beachten (bspw. dürfen keine Volume Shares verwendet werden sondern alle Kommunikation und Anlegen von Dateien muss über HTTP(S) / Docker API erfolgen.

On the live instance of CodeHarbor the rating of exercises does not work.

If a user clicks on one of the stars in an attempt to rate an exercise, a 404 page appears.
This is the url that is queried: "https://tools.openhpi.de/exercises/1/ratings?rating[rating]=3"

The url needs to begin with "https://tools.openhpi.de/codeharbor/". This is clearly not the case.

Todo:

• fix URLs for rating

If you add more files than you need, it isn't possible to remove them

Some models have a has_many relationship to another model, where the second one references with belongs_to to the first one. However, some miss the dependent attribute on the has_many association.

For example:

Exercise: has_many :submissions
Submission: belongs_to :exercise

If an exercise is deleted, nothing happens to the submissions, resulting in an invalid reference on a deleted exercise. This is problematic, e.g. when getting a list of submissions and using it to reference each exercise.

Unfortunately, our database contains such invalid records. You may find those with the following query:

SELECT * FROM submissions FULL OUTER JOIN exercises ON submissions.exercise_id = exercises.id WHERE exercises.id IS NULL;

I would suggest to a dependent attribute to the has_many association, e.g. to delete the submissions or somewhat handle that case. Afterwards, we should take care of the existing data. We might also check all other occurrences of similar associations.

Right now, an intermediate version of ACE between 1.1.8 and 1.1.9 is used. The release has been removed due to errors in the build script.
This is the commit we use: https://github.com/ajaxorg/ace-builds/tree/b14d255f5135bbcf814ec46fad35171e39ad1d82

$ diff -rq vendor/assets/javascripts/ace/ ace-builds-b14d255f5135bbcf814ec46fad35171e39ad1d82/src-min

Only in vendor/assets/javascripts/ace/: .DS_Store
Files vendor/assets/javascripts/ace/ace.js and ace-builds-b14d255f5135bbcf814ec46fad35171e39ad1d82/src-min/ace.js differ

As a result, only ace.js needs to be checked, all other files are unchanged.

I guess, the ace.js is from another commit:

$ for REV in $(git rev-list master); do
    git checkout $REV;
    git diff -w --shortstat --no-index src/ace.js <...>/CodeOcean/vendor/assets/javascripts/ace/ace.js; 
done

<snip>
HEAD is now at beb9ff68 package 03.03.15
 1 file changed, 112 insertions(+), 60 deletions(-)
Previous HEAD position was beb9ff68 package 03.03.15
HEAD is now at b14d255f package 24.02.15
 1 file changed, 109 insertions(+), 57 deletions(-)
Previous HEAD position was b14d255f package 24.02.15
HEAD is now at a4e495d8 package 20.12.14
 1 file changed, 57 insertions(+), 23 deletions(-)
Previous HEAD position was a4e495d8 package 20.12.14
HEAD is now at 7fafd126 package 08.11.14
 1 file changed, 363 insertions(+), 235 deletions(-)
Previous HEAD position was 7fafd126 package 08.11.14
HEAD is now at b3d5a61b package 09.10.14
 1 file changed, 510 insertions(+), 340 deletions(-)
Previous HEAD position was b3d5a61b package 09.10.14
</snap>

Due to that, I would use this commit: https://github.com/ajaxorg/ace-builds/blob/a4e495d8901876c6bafe3870a35cb8e32c827e97/src/ace.js

I met one of your collegues on last EDUCON in Abu Dhabi. I just want to share a couple points for improvements for the turtle rendering.

Setting a background does not work in the current code to lines turtle.js#L44-L45. Replace those two lines

ctx.fillStyle = '#fff';
ctx.fillRect(0, 0, canvas.width, canvas.height);

with

ctx.clearRect(0, 0, canvas.width, canvas.height);

and setting a background color in turtle works.

Currently, the setting a pencolor is not possible as it is not passed to the rendering in Line 59. You can add a check the item for the pencolor and the fillcolor.

Regards

While you're at it, you might as well go all the way, 5.2 is also around the corner.

See http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#upgrading-from-rails-5-0-to-rails-5-1.

I believe this is security-relevant...

Also, Rails really shouldn't be locked down to a patch version in the Gemfile. Locking the minor is okay...

For most pages, the page title is always the application name. I would like to have different page titles to identify the right tab in while opening multiple tabs simultaneously.

All users should be external users.
There is one user with superadmin powers, which should only be used to manage tool consumers.

Roles and rights management is entirely done via LTI the consumer passes the parameters "lti.instructor" or "lti.administrator"

Prerequisites:
Each exercise should be in the context of a course and a consumer.
Each exercise should be allowed to be in the context of more than one course of the same consumer (think of new iterations of a course or course cloning).

lti.instructors can only edit the exercises in their course.
lti.administrators can edit all exercises in the context of their consumer.

This could be loaded into the LTI pages, so users will now if there is a free slot before starting an exercise

Please avoid talking to the obsolete APIv1, for authenticating (see this line).

Our app developers can tell you how to authenticate against the new API.

Can you do it within the next four weeks? I'd like to move towards shutting off the old API in December (and I'm gone for almost all of DecemberNovember).

Es sollte möglich sein Aufgaben zu haben, bei denen durch den Lerner ein oder mehrere Eingaben erfolgen kann.
Mögliche Implementierung über WebSockets.

I have experienced this several times now, and almost always lost significant amounts of work...

When editing an exercise and (apparently) making mistakes that trip up model validations, I do not get the expected inline errors, but rather a general error message claiming that CodeOcean is down for maintenance (?).

Because so much JS is involved, using my browser's back button does not bring back the unsaved content, which means that all my work is lost. And it can be a lot of work, such as the detailed task description for an exercise, or several test files.

Expected behavior:

CodeOcean should treat validation errors as such, and take me back to the edit screen where all unsaved data should still be visible - along with inline error messages on each field telling me what exactly I did wrong.