search

trampgeek / jobe

jobe is a server that runs small programming jobs in a variety of programming languages
MIT License
108 stars 78 forks source link

Https? #29

Closed booski closed 4 years ago

booski commented 5 years ago

Hi!

I just set up Jobe for use in our programming education, and everything works perfectly. However, it doesn't seem like HTTPS is supported when communicating between the jobe server and the client?

I haven't looked very closely at this apart from noting that jobe seems to break when I set up a redirect from http to https and/or I point my moodle server to https://my.server.example instead of my.server.example.

Am I right in concluding that jobe (and/or coderunner?) doesn't support HTTPS at the moment? Are there any plans on changing that? I could probably produce a patch if there is interest (and I get the time).

trampgeek commented 5 years ago

Hi Yes, you're right that jobe doesn't support https at the moment. I've never seen the point - there are no passwords or personal information exchanged. However, a couple of others have asked for it, probably because of IT policy requirements. If you'd like to produce a patch, that would be great, thanks.

booski commented 5 years ago

I have now confirmed that jobe itself has no problem with HTTPS. I did this by making the following changes to testsubmit.py:

diff --git a/testsubmit.py b/testsubmit.py
index f476570..53f31d6 100755
--- a/testsubmit.py
+++ b/testsubmit.py
@@ -53,6 +53,11 @@ RUNS_RESOURCE = '/jobe/index.php/restapi/runs/'

 #JOBE_SERVER = 'jobe2.cosc.canterbury.ac.nz'

+# Set this to True if you want to test jobe over HTTPS.
+# Note that JOBE_SERVER above will need to be set to a name that is valid for
+# your certificate.
+HTTPS = False
+
 # The next constant controls the maximum number of parallel submissions to
 # throw at Jobe at once. Numbers less than or equal to the number of Jobe
 # users (currently 10) should be safe. Larger numbers might cause
@@ -763,7 +768,11 @@ def http_request(method, resource, data, headers):
        Return the connection object. '''
     if USE_API_KEY:
             headers["X-API-KEY"] = API_KEY
-    connect = http.client.HTTPConnection(JOBE_SERVER)
+    connect = None
+    if HTTPS:
+        connect = http.client.HTTPSConnection(JOBE_SERVER)
+    else:
+        connect = http.client.HTTPConnection(JOBE_SERVER)
     connect.request(method, resource, data, headers)
     return connect

I will now look into patching the moodle plugin instead.

trampgeek commented 4 years ago

Thanks to Eric Villard, CodeRunner now allows specification of an https connection to a Jobe server with HTTPS support (as above) or one that's behind a reverse proxy to terminate the SSL connection. So closing this.