Student projects/Secure RSS feeds

Revision as of 09:07, 28 July 2011 by Michael de Raadt (Talk | contribs)



Status

Release candidate. All main objectives complete.

Summary

Secure RSS feeds is a project about making the RSS feeds published by Moodle secure, so that only the intended people can access them. More details here.[1]

A typical RSS URL will look like: “http://domain/moodle/rss/file.php/contextid/hash_keyuser_id/modulename/instance/any/other/params/module/wants/rss.xml”.

Here hash_key is a special hash string used to identify the user.

The user is identified by comparing part of hash_key with the real hash value of the concatenation of user_id + user_private_key (from the DB) + modulename + instance (from the URL).

Someone who steals one private feed URL won’t be able to use it to read other private feeds.

Security

  1. The hash key is a hash of the concatenation of user_id, user_private_key, modulename (and other information used to identify the RSS feed).
  2. If the hash key is not specified, the user is treated as a guest.
  3. In the current version of the spec, hashes are not additionally salted.
  4. User private keys are tied to context ids.
  5. There is an option to force https:// for all RSS feeds.

Core functions

rss_auth()

rss_auth($hash_key, $user_id, $course_id, $context_id, $module, $instance, $info )

  • $hash_key - long hash-like string from the URL.
  • $user_id - user id from the URL
  • $course_id - the id of the course this feed belongs to
  • $context_id - the id of the context this feed belongs to
  • $module - module name or course module object this feed belongs to
  • $instance - instance id. Could be blogid, forumid etc
  • $info - additional information, which is used to accurately identify the RSS feed. Can be an array.

Authenticates the user by the hash string in the URL and sets up $USER and other necessary state (done by calling the Moodle core function require_user_key_login()). Checks whether the user can access the particular course and module. The function terminates with an error if the user doesn't have access to the course or module.

rss_get_url_key()

rss_get_url_key( $userid, $contextid, $modulename, $instance, $info)

  • $userid - user id.
  • $contextid - the id of the context this feed belongs to
  • $modulename - name of the module this feed belongs to
  • $instance - instance id. Could be blogid, forumid etc
  • $info - additional information, which is used to accurately identify the RSS feed. Can be an array.

Returns a long hash-like string, which can be used later to access a specific RSS feed. Used when printing links.
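The key scheme from the Security section and the two core functions, as an added example that is not Moodle's own code. It assumes HMAC-SHA-256 with the private key as the HMAC key and length-prefixed fields (the spec names no hash function and describes plain concatenation), and it models "keys tied to context ids" as one constructed key per user and context; every demo_* name is hypothetical.

```php
<?php
// Added example. Every demo_* name is hypothetical, not a Moodle function.

// Constructed sample data: one private key per (user id, context id) pair.
$demo_keys = [42 => [7 => 'constructed-private-key-user42-context7']];

// Length-prefix each field so that ("forum", "12") and ("forum1", "2")
// can never encode to the same message.
function demo_feed_message(int $userid, string $module, string $instance, array $info): string {
    $fields = array_merge([(string) $userid, $module, $instance], array_map('strval', $info));
    $out = '';
    foreach ($fields as $field) {
        $out .= strlen($field) . ':' . $field;
    }
    return $out;
}

// Counterpart of rss_get_url_key(): the value embedded in a feed link.
function demo_url_key(string $privatekey, int $userid, string $module, string $instance, array $info = []): string {
    return hash_hmac('sha256', demo_feed_message($userid, $module, $instance, $info), $privatekey);
}

// Counterpart of the key check in rss_auth(). Returns the user id on success,
// 0 (guest) when no key was supplied, and false when the key does not match.
function demo_check_key(array $keys, ?string $hashkey, int $userid, int $contextid,
                        string $module, string $instance, array $info = []) {
    if ($hashkey === null || $hashkey === '') {
        return 0;
    }
    if (!isset($keys[$userid][$contextid])) {
        return false;
    }
    $expected = demo_url_key($keys[$userid][$contextid], $userid, $module, $instance, $info);
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guessed key were correct.
    return hash_equals($expected, $hashkey) ? $userid : false;
}

$link_key = demo_url_key($demo_keys[42][7], 42, 'forum', '3');
// The key from the forum 3 link is accepted for forum 3 only.
var_dump(demo_check_key($demo_keys, $link_key, 42, 7, 'forum', '3'));
var_dump(demo_check_key($demo_keys, $link_key, 42, 7, 'forum', '4'));
// No key in the URL: the caller is treated as a guest.
var_dump(demo_check_key($demo_keys, null, 42, 7, 'forum', '3'));
```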


RSS feed generation

modulename_rss_newstuff($instance, $time, &$cache, $info)

This function checks whether there is anything new in the module since $time.

modulename_rss_generate_feed($instance, $context, $info, $cache)

This function generates and returns the XML contents of the RSS feed.

Changes in RSS feed subsystem

  • No more Cron jobs for RSS feeds.
  • All feeds are generated on the fly (i.e. no cached .xml files)

Most of the time nothing in the feed has changed, so we do not have to send the actual feed content; we can just send an HTTP 304 Not Modified header. Because no actual content is sent, we can skip loading all capabilities, identifying users etc., which improves performance.

It may be convenient to prefetch some data in rss_newstuff(), that's why $cache is used. However, it duplicates rcache functionality a bit, so I'm thinking about removing it.

But there is a problem when the rss_newstuff() result depends on which capabilities the user has. In this situation, during the newstuff() check we assume that the user has all the necessary capabilities. If there are no changes since the last feed fetch, send 304 Not Modified. Otherwise, do the real check during feed content generation.
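The request flow described above, as an added example that is not Moodle's own code: the cheap newstuff check runs first and can answer 304, and the real authorisation check runs only when content would be sent. The demo_serve_feed() function, its callables and the 403 status for a refused caller are assumptions of this sketch.

```php
<?php
// Added example. demo_serve_feed() and its callables are hypothetical.
//   $newstuff:  fn(int $since): bool  cheap check that assumes every capability
//   $authorise: fn(): bool            full key and capability check
//   $generate:  fn(): string          builds the feed XML
function demo_serve_feed(?string $ifmodifiedsince, int $now, callable $newstuff,
                         callable $authorise, callable $generate): array {
    $since = $ifmodifiedsince === null ? false : strtotime($ifmodifiedsince);
    // A missing, malformed or future date is ignored, so the request
    // falls through to the full path instead of getting a 304.
    if ($since !== false && $since <= $now && !$newstuff($since)) {
        return ['status' => 304, 'headers' => [], 'body' => ''];
    }
    // Content is about to be sent, so the real check happens here.
    if (!$authorise()) {
        return ['status' => 403, 'headers' => [], 'body' => ''];
    }
    return [
        'status'  => 200,
        'headers' => ['Last-Modified' => gmdate('D, d M Y H:i:s', $now) . ' GMT'],
        'body'    => $generate(),
    ];
}

// Constructed scenario: the feed last changed at 12:00:00 UTC on 1 July 2011.
$lastchange = gmmktime(12, 0, 0, 7, 1, 2011);
$now        = gmmktime(13, 0, 0, 7, 1, 2011);
$newstuff   = function (int $since) use ($lastchange): bool { return $lastchange > $since; };
$deny       = function (): bool { return false; };
$xml        = function (): string { return '<rss version="2.0"></rss>'; };

// Client copy is newer than the last change: answered without authorisation.
echo demo_serve_feed('Fri, 01 Jul 2011 12:30:00 GMT', $now, $newstuff, $deny, $xml)['status'], PHP_EOL;
// Client copy is stale: the real check runs and this caller is refused.
echo demo_serve_feed('Fri, 01 Jul 2011 11:00:00 GMT', $now, $newstuff, $deny, $xml)['status'], PHP_EOL;
// Unparseable header: treated as absent, so the real check still runs.
echo demo_serve_feed('not-a-date', $now, $newstuff, $deny, $xml)['status'], PHP_EOL;
```

Because the 304 branch runs before authorisation, it tells any requester that nothing has changed since the date it supplied, which is the trade-off the optimistic newstuff check accepts.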

Database tables

Fields added to existing tables.

course

| Field | Type | Default | Info |
|---|---|---|---|
| rsstype | int(1) | 0 | 0 - disabled. 1 - recent activity rss |
| rssarticles | int(2) | 0 | number of recent articles in RSS feed |


assignment

| Field | Type | Default | Info |
|---|---|---|---|
| rsstype | int(1) | 0 | 0 - disabled. 1 - assignment submissions rss |
| rssarticles | int(2) | 0 | number of recent articles in RSS feed |

Interface mockups

RSS links on Course page

File:blocks.gif

Calendar RSS links

File:calendar rss.gif

File:calblockrss.gif

Recent activity RSS feed preferences page

File:activityrsspref.gif

Tasks and Timeline

  • Further develop spec, get feedback, feel out implementation ✔
  • Implement core functions - 1-2w ✔
  • Secure existing RSS feeds in Moodle 1w ✔
    1. Forums ✔
    2. Blogs ✔
    3. Database module ✔
    4. Glossary ✔
  • Add option to force HTTPS for RSS feeds ✔
  • Add RSS to other areas of Moodle.
    1. Calendar(Upcoming events) 1-2w ✔
    2. Recent Activity 1-2w ✔
    3. Assignments submitted 1w ✔
    4. Messaging 1w ✔
  • Upgrade whole RSS subsystem. 1-3w
    1. Each module should have own function, that checks if there are any changes. ✔
    2. Use ETag and If-Modified-Since headers. ✔
    3. Generate RSS content on the fly(no cache files, no rss cron jobs) ✔
    4. ContextId ✔
    5. file.php (stub code) ✔
  • Optional tasks - 1.5w
    1. Give user an ability to reset his private keys ✔
    2. Recent activity feed for "My courses" ✔
  • Extensive debugging - 1w
  • End-term evaluation

Glossary

| Term | Definition |
|---|---|
| Hash value (also called a "digest" or a "checksum") | A concise representation of the longer message or document from which it was computed. The message digest is a sort of "digital fingerprint" of the larger document. |
| RSS feed | A family of Web feed formats used to publish all kinds of frequently updated content, usually blog entries, news headlines, and podcasts. RSS proved to be a very convenient, easy-to-use and fast-to-implement technology, which makes users more productive and saves a lot of time. |
| user_private_key | Unique hash-like string used for user identification. Stored in the database. |

See also