More Secure Cookie Auto Login for TF-Login

14 January 2020

I've implemented a more secure cookie-based auto-login in the 'password' branch of TF-Login to replace the existing simple and insecure cookie scheme.

To load, start with a fresh Pharo 7 image:

"First load Seaside."
Metacello new 
    baseline: 'Seaside3'; 
    repository: 'github://SeasideSt/Seaside:v3.3.3/repository'; 
    load. 
    
"Then load TF-Login."
Metacello new 
    baseline: 'TFLogin'; 
    repository: 'github://PierceNg/TF-Login:password/src'; 
    load.

Start Test Runner to run TF-Login's tests. All 78 tests should pass. The class TLTest runs "scripted interactive" tests on the TLTester Seaside application. TLTest's testLoginLogout and testLoginThenAutomaticLogin methods exercise the cookie-based auto-login functionality.

Auto-login is also implemented in the TLTestApp demo Seaside application. Here's a screenshot of the cookie stored in Chromium upon logging into TLTestApp.

[Screenshot: TF-Login cookie in Chromium]

The original cookie-based auto-login stores the username and the SHA1-hashed password in client cookies. This replacement implementation is based on Paragon Initiative's blog post on "remember me" cookies.
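The following is an added Python sketch of the split-token ("selector:validator") cookie design, assumed here to be the one the referenced post describes; it is not TF-Login's code, and the function names, in-memory table, lifetime and rotate-on-use step are assumptions of this example. Unlike a cookie holding the username and a SHA1 password hash, this cookie carries no password-derived material, and the server keeps only a hash of the random validator.

```python
import hashlib
import hmac
import secrets
import time

LIFETIME = 14 * 24 * 3600   # token lifetime in seconds (constructed value)
TOKENS = {}                 # selector -> (validator_hash, username, expires_at)


def hash_validator(validator):
    # Only this digest is stored, so a leaked token table cannot be replayed.
    return hashlib.sha256(validator.encode()).digest()


def issue_cookie(username, now=None):
    """Store a new token and return the cookie value 'selector:validator'."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(9)     # lookup key, not secret
    validator = secrets.token_urlsafe(32)   # secret, exists only in the cookie
    TOKENS[selector] = (hash_validator(validator), username, now + LIFETIME)
    return selector + ":" + validator


def auto_login(cookie, now=None):
    """Return (username, replacement_cookie), or (None, None) on failure."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    record = TOKENS.get(selector)
    if not sep or record is None:
        return None, None
    stored_hash, username, expires_at = record
    if now >= expires_at:
        del TOKENS[selector]
        return None, None
    # Constant-time comparison avoids leaking the hash through timing.
    if not hmac.compare_digest(stored_hash, hash_validator(validator)):
        return None, None
    del TOKENS[selector]                    # single use: rotate on success
    return username, issue_cookie(username, now)


def revoke(cookie):
    """Logout: drop the server-side record so the cookie stops working."""
    TOKENS.pop(cookie.partition(":")[0], None)
```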

[ANN] Phoedown - Markdown to HTML

1 January 2020

I've published Phoedown, an FFI to hoedown, the standards-compliant, fast, secure Markdown processing library written in C. This blog is powered by Phoedown.

A simple example:

| md |
md := (FileSystem memory / 'somefile.md')
    writeStreamDo: [ :ws |
        ws nextPutAll: 
'
 ```smalltalk
Transcript show: ''Happy New Year!''; cr
 ```
' ];
    contents.
HdHtmlRenderer new
    setMarkdownExtension: HdMarkdownExtensions FencedCode;
    setMarkdownExtension: HdMarkdownExtensions NoIntraEmphasis;
    render: md

This is the output:

<pre><code class="language-smalltalk">Transcript show: &#39;Happy New Year!&#39;; cr
</code></pre>

The output rendered as HTML:

Transcript show: 'Happy New Year!'; cr

Scarlet Smalltalk on a Web Page

21 December 2019

Scarlet Smalltalk is a Smalltalk-to-JavaScript transpiler and runtime by LabWare. This post is my 2012 post on Amber updated to use Scarlet Smalltalk.

This is placeholder text. You will see this text if you're reading this post from the blog's RSS feed. Go on, click on the post's title to see Scarlet Smalltalk in action.

If you see a "Hello World" message in the above paragraph, you're seeing my old post updated to use Scarlet Smalltalk. The HTML body contains the following:

<div id="scarlet_do_it">
<p>This is placeholder text. You will see this text if you're reading this post from the blog's RSS feed.  Go on, click on the post's title to see Scarlet Smalltalk in action.</p>
</div>

<script src="/SmdwHelloWorldSK.js" type="application/javascript"></script>

SmdwHelloWorldSK.js comprises the Scarlet Smalltalk runtime plus my little bit of Smalltalk code that returns the "Hello World" string, based on the 'standalone' example. The Smalltalk code looks like this:

Object subclass: #SmdwHelloWorldSK
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'Example'!

! SmdwHelloWorldSK methodsFor: #running !
main
    ^ '<p>Hello world from Scarlet Smalltalk.</p>' ! !

The following JavaScript snippet replaces the placeholder text in #scarlet_do_it with the result of evaluating SmdwHelloWorldSK new main (expressed in JavaScript syntax):

<script type="application/javascript">
document.addEventListener("DOMContentLoaded", function() {
    $("#scarlet_do_it").html(smalltalk.SmdwHelloWorldSK.$$new().main());
});
</script>

Building Pharo VM on Alpine Linux in Docker

3 December 2019

I've put up a Dockerfile that builds the Pharo pharo.cog.spur.minheadless VM on Alpine Linux within Docker. This allows one to build said VM without having to first create an Alpine Linux installation such as through VirtualBox.

This is a multi-stage Dockerfile. The Pharo VM is built in an Alpine Linux 'build' container. Then the VM files are copied into a fresh Alpine Linux Docker image. The resulting Pharo VM Docker image is ~14 MB.

The output Docker image contains the Pharo VM only and is not runnable by itself. It is intended to be used as a base to build your own Docker image containing your application-specific Pharo image.

Tested on Ubuntu 18.04 and macOS Mojave.

Edit: Changes to OpenSmalltalk VM source tree for building on Alpine Linux are in the pierce_alpine branch of my fork.