Sunday, August 9, 2015

Removing rogue members from your Plone site

I recently had one of my Plone sites get hit by a "join form attack". Basically a spam bot which started adding new members to my site (we don't use a captcha at the moment). I ended up with far more members in the site than members of the organization. I started deleting them manually using the Zope Management Interface > acl_users > source_users, but that became tedious quickly. So I wrote a command-line script to do the job for me.

In my case the spambot wasn't super smart, all the usernames created by the bot started with capital letters. All my real users had usernames with common letters. This made it easy to filter out the bad guys.

Here's my script in a nutshell:
.
.

I used the special --object-path option to indicate the location of my Plone site, relative to the root of the Zope application server.

My final command looked something like this:

bin/instance_debug --object-path='pathto/sitein/zodb/plone' run member_cleanup.py > members_cleanup_report.txt

The resulting output went to a members_cleanup_report.txt.

Many thanks to the plone.api and plone.docs teams, being able to make use of plone.api.user made it 20 times easier to write the script.

A note about transactions

Before my script would run successfully I had to add a transaction.commit() line, it seems commandline scripts require this.

Parting thoughts

There's a lot more that can be added to the script to make it smarter. For example for certain kinds of sites you could filter based on whether the user has created any content or perhaps it might be based on log in patterns, if they have never logged in or only logged in once.

I'm weighing the pros and cons of having a captcha. At the moment members can't do much except change their portrait pictures and profiles, but I know that some spammers use the portrait for hosting "bad" images, so captchas may have to be introduced.

References

The resources I used included the following references:

http://docs.plone.org/external/plone.api/docs/api/user.html
http://docs.plone.org/develop/plone/misc/commandline.html#scripting-context
https://pypi.python.org/pypi/plone.recipe.zope2instance

Tuesday, August 4, 2015

Install Plone 5 Beta 4 on Cloud9 IDE in 5 minutes

(update August 27, 2015:  The script now installs Plone 5 Beta 4)
These are quick instructions for installing Plone 5 Beta 4 on Cloud9 IDE, they supercede my post on installing Plone 5 Beta 2. This walks you through the process of installing Plone on Cloud9 IDE as it is no longer possible to do this on the free tiers of Codio. We assume you have already signed up with Cloud9 IDE.

Step 1 - Create a new Workspace

On the Cloud9 IDE dashboard select Create a new workspace

Use the default settings as a Starting Point

Then click Create workspace.

Step 2 - Enter the installer command in the terminal

in the terminal type the following:

wget -qO- goo.gl/5FMjBC | bash

You will see output similar to this:

Step 3 - Launching Plone 5

After successful installation (takes about 5 minutes) run the following command:
cd zinstance
bin/instance fg
Once it has started successfully you'll see the following message on the terminal:
INFO Zope Ready to handle requests
At that point select Preview > View Running Application.




IMPORTANT: You'll need to get the adminPassword, it is located under the 'zinstance' folder see the screenshot below.


Once it's running, click on the "pop out" button



This will lead you to the Plone installer (it will look a little weird, because of an issue with proxying the site via https). Click on Create a new Plone site and following the instructions.

Once you're successful you'll see a running Plone 5 site:

Things to Know

Here are a few things to know about Plone.
  1. Plone runs on an application server called Zope 
  2. You can actually run multiple copies of Plone on one Zope application server

Next Steps

This quick cloud based installation is a great way to try out some of the new things in Plone 5. Plone 5 is still being polished so it will have rough edges. Try changing the look of your site by following these notes from Asko Soukka on customizing Plone 5's default theme.

If you get this working, please leave a comment. If you try and have issues leave a comment.

Friday, July 31, 2015

5 minute Plone 4 install on Cloud9 IDE

This is an overview of getting Plone 4 (4.3.6 at the time of writing) up and running in 5 minutes or less on Cloud9 IDE. The aim of this is to make it easy, especially for students, to try out Plone, and more importantly Plone development for zero dollars. My previously recommended cloud based options (Nitrous and Codio) no longer offer a viable free tier.

Step 0 - Get a Cloud9 IDE account

You will need to get an account with Cloud9 IDE, so go and sign up over there and then come back here.

Step 1 - Start a new Custom Box

Not much to say here.  You can accept all the defaults to and then click "Create Workspace".

Step 2 - Run the Plone installer script

In the terminal paste the following command and press enter to begin the installation:
curl -L https://goo.gl/Enjwms | bash

You will see output similar to this:


Step 3 - Launch the server

Run the following commands to start Plone as a foreground process.
cd $HOME/workspace/zinstance
bin/instance fg
To stop plone use Ctrl + C.

Step 4 - Setup Plone

You will know that Plone is running when you see the following message in the terminal.
 "Zope Ready to handle requests" ([3] in the screenshot below). 

You can view the default administrator credentials, username and password under 'workspace' >  'zinstance' in a file called adminPassword.txt ([2] in the screenshot below). To go to your live server select 'Preview' > 'Preview Running Application'  ([1] in the screenshot below). 



You will see the Zope server ready to create your first Plone site.  Start by clicking the little icon to pop it out into a new window.


You can now create a new Plone site, you will be prompted for your Admin credentials (we discussed the adminpassword.txt above)
Zope server, ready to create a Plone Site
Click create Plone site and enter your credentials.

Important things of note

Cloud9 IDE provides a proxy that listens on port 8080, this is the default port for Plone if you change the port later on you will not be able to access the site using the Preview link.

This is for the purpose of development NOT PRODUCTION USE. For developing your new Plone based site you can work right here.

Thursday, July 2, 2015

Help, my updated posts keep bubbling to the top of the Planet

I kept noticing that whenever I updated certain posts they would end up at the top of the Planet Plone RSS feed aggregator. I haven't dug too deeply into the issue, but it seems to be a mixture of the way the Planet is configured and the way default blog feeds are presented by Blogger. Thankfully, the default Blogger feed format can be easily changed.

Previously the feed I used for Planet Plone looked something like this:
http://pigeonflight.blogspot.com/feeds/posts/default/-/plone
Which resulted in a feed enclosed between feed tags like this:

     <feed xmlns='http://www.w3.org/2005/Atom'...

My new URL now looks like this:
http://pigeonflight.blogspot.com/feeds/posts/default/-/plone?alt=rss
The new approach (ie. appending ?alt=rss) resulted in a feed with an rss tag like this:

    <rss xmlns:atom="http://www.w3.org/2005/Atom"...

I did not delve into what other things get changed by using '?alt=rss', but the most important outcome is that the "Planet" (Planet Plone) is now safe from the occasional updates and revisions to my blog posts.

How to connect your Chromebook to a Windows SMB/CIFS Share

In order to connect to the share you'll need to know the name or ip address the host and the domain name.

1. Install the Files System for SMB/CIFS and Windows
Go to the Chrome Web Store and search for SMB/CIFS, you'll find the File System for SMB/CIFS and Windows.

2. Go to the ChromeOS File manager and select Add new services

You'll see an option for "File System for SMB/CIFS and Windows".


3. Enter your credentials
In my experience I found that the domain name was case sensitive.



Monday, May 25, 2015

Plone 5 Beta 2 in the Cloud

Update: August 4, 2015 - Beta 3 is out, so go here to see how to install Plone 5 Beta 3.

These are quick instructions for installing Plone 5 Beta 2 on Codio.com.
I have found no faster (or more newbie friendly) way to get a Plone sandbox up and running.

I'll assume you have already signed up with Codio. If not, go ahead and do that first.

Step 1 - Create a new Project

On the Codio dashboard select Create Project


Use Default as the Starting Point and click Create.


Step 2 - Open the terminal

Select Tools > Terminal.

Then on the terminal enter the following command:

wget -qO- https://goo.gl/XxDEOO | bash

You will see output similar to this:

Step 3 - Launching Plone 5

After successful installation (takes about 6 minutes) you'll see that the menu in you project has updated.
Select Start Plone from the menu.


Get the admin password by selecting Admin Password from the menu, you'll be promoted for it later.



Select Plone site port 8080. This will show you the Plone installer


This will lead you to the Plone installer

Things to Know

Here are a few things to know about Plone.
  1. Plone runs on an application server called Zope (this is why you'll see mention of Zope and ZEO as you work)
  2. You can actually run multiple copies of Plone on one Zope application server

Next Steps

This quick cloud based installation is a great way to try out some of the new things in Plone 5. Plone 5 is still being polished so it will have rough edges. Try changing the look of your site by following these notes from Asko Soukka on customizing Plone 5's default theme.

If you get this working, please leave a comment. If you try and you're stuck

Monday, May 18, 2015

Baby steps in learning ReactJS

As a way to better understand my process of learning a new technology I've captured the first two days of my journey of learning ReactJS


Day 1  - Thursday April 30, 2015

What I did on this day


Notes
At this point my aim is to get a general grasp of what ReactJS is, I'm focusing on understanding the mechanics of the framework. I think my next step will be to follow along more closely with the "Thinking in ReactJS" presentation.

Impressions:
ReactJS flies in the face of convention and eschews the idea of templates, favouring what they call views, also very counter-intuitively they "redraw" the DOM for every update yet in benchmarks are able to outperform AngularJS. To achieve this they use a virtual DOM and only render to the real DOM on an "as needed" basis.

Day 2 - Friday May 1, 2015

What I did on this day

  • Back on the ReactJS website and then decide to work my way through the Thinking in react tutorial again. 

Notes
In following the tutorial the first example failed because the code was out of date. This slowed me down for about 5 minutes. It turns out that React.renderComponent() is now replaced with React.render() so I was working with a slightly dated tutorial, after replacing switching the code to use React.render() instead of React.renderComponent() I was able to make my way through the tutorial.

After an hour of following the tutorial I had the static version working and started to learn about React's concept of "state". I decided to break for a while and grab a snack.

What I know now


  • ReactJS is about building components, usually from existing HTML and Javascript
  • They provide a HTML like syntax called JSX which simplifies the creation of these components
  • I'm learning some of ReactJS's methods such as render()
Two days in, I think I know enough to tentatively try this in a new project. I'm sure I'll gain a lot more facility with a week or two of usage.

Parting thoughts 

So far I've spent 3 to 5 hours on this journey and things are starting to make sense. My feeling at the moment is that I first needed to capture the overall concept of what React does, the virtual DOM and React's JSX syntax. Once I was fine with that I needed to use it in a trivial example, in my case the static version from Thinking in React tutorial. I'm confident about being able to do that now.

Next I'll spending time getting comfortable with idea of working with state.

I work at
I work at Alteroo, hire us for Plone projects
we ❤ Plone projects