domingo, 30 de septiembre de 2018

Pharo Script of the Day: Hash password with PBKDF2 using ApplicationSecurity

Any application accepting passwords from users must use password hashing, which pays off in the event of a website breach by limiting the damage. The basic idea is that you do not store the passwords but a "one-way" derived token, then make it difficult enough (in terms of money and time) to reverse the stored token and get the original password.

We say "difficult" because if you have pre computed hash values (known as rainbown tables), it is still possible to decode the user password. So you need to use an additional security measure which consists of "salting" the password.

In Pharo Smalltalk you can use the ApplicationSecurity package to hash and verify a password using the PBKDF2 package. The following example uses a password verifier object: Given a plain text password (presumably provided by an user), a stored hashed salt and the stored hashed password, verify that password matches. We configure it with the PBKDF2 hasher (you can use other password hashers like ASNaclHasher, or the one provided by Grease library: ASGreaseHasher, or implement your own):

(ASPasswordVerifier new
    hasher: ASPBKDF2Hasher new;
    plainTextPassword: 'testPassword';
    storedSalt: '590b223fc584ae96edf3d5dc7e363034';
    storedFinalPassword: '2828efb46d56ca2fb004026398d412ef') verify.

Before using into production, check how to configure the number of iterations recommended and other sources of advices like this excellent post

sábado, 29 de septiembre de 2018

Pharo Script of the Day: Configure R <-> Pharo Smalltalk with RProjectConnector

RProjectConnector is a package to access the R programming language in Pharo. The following script shows how to install and configure it in a clean image, using OSWindows to automatically get the R path installation:

Install OS-Windows

Metacello new 
  baseline: 'OSWindows'; 
  repository: 'github://astares/Pharo-OS-Windows/src'; 
  load.

Install RProjectConnector

Gofer it 
    smalltalkhubUser: 'VincentBlondeau' project: 'RProjectConnector';
    configuration;
    loadStable.
Copy R required DLL's into the VM directory:
| rPath dlls |
(rPath := (WinRegistry
    queryValue: 'InstallPath'
    fromKey: (WinRegistryKey localMachine queryOpenSubkey: 'Software\\R-core\\R')) allButLast) notNil
        ifTrue: [
            dlls := (rPath asFileReference / 'bin' / 'i386') entries
                    select: [ : entry | entry  extension = 'dll' ]
                    thenDo: [ : dllEntry | 
                        dllEntry asFileReference
                            copyTo: Smalltalk vmDirectory asFileReference / dllEntry basename ] ]. 

Finally, we could test with the Iris data set:

| iris |
iris := 'eval' asREval: {RObject findVar: 'iris'}.
'plot' asREval: {
  (iris at: 'Petal.Length').
  (iris at: 'Petal.Width').
  (#pch -> 21).
  (#xlab -> 'length').
  (#ylab -> 'Width').
  (#bg  ->((iris at: 'Species') collect: [ :value | {'red'. 'green3'. 'blue'} at: value ])).
  (#main -> 'Edgar Anderson''s Iris Data')
}.
iris inspect.

Hope you find it useful.

viernes, 28 de septiembre de 2018

Pharo Script of the Day: Migrate FileReferences from Linux/MacOS to Windows

A very simple porting script today: If you move a Pharo image from MacOS/GNU Linux to Windows you could experiment issues with FileReferences file system not automatically converted. In that case, you can evaluate this code to update to the Windows platform and prevent annoying exceptions when accessing file references:

| winFS |
winFS := FileSystem allInstances detect: [ :fs | fs store isKindOf: WindowsStore ].
FileReference
 allInstancesDo: [ :f | 
  f setFileSystem: winFS path: (winFS workingDirectory / f basename) path ].

jueves, 27 de septiembre de 2018

Pharo Script of the Day: Prefix all class names in a package

The following Pharo script takes a String with the first letters of a package as input (pkgPrefix) and a two-letter String used to prefix all its classes. It creates then a refactoring environment for such packages and renames all its classes with the provided newClassPrefix:

| pkgPrefix newClassPrefix env model |
pkgPrefix := ''.
newClassPrefix := 'NP'.
env := RBBrowserEnvironment new forPackageNames: (RPackage organizer packageNames select: [ : pkgName | (pkgName beginsWith: pkgPrefix) ]).
model := (RBClassModelFactory rbNamespace onEnvironment: env) name: 'ModelName'; yourself.
RBClassRegexRefactoring new
  model: model;
  renameClasses;
  replace: '^(.*)$' with: newClassPrefix , '$1';
  execute.

miércoles, 26 de septiembre de 2018

Pharo Script of the Day: Replay cookies with Zinc HTTP components

For this one we will use a browser plug-in called CookieBro. It will allow us to import existing cookies from a web browser session into Pharo Smalltalk just using the Zinc HTTP Components, which are by default installed in the image, and NeoJSON. Let's assume then we have exported the cookies in a "cookiebro-cookies.json" file, the script translates the cookie's JSON format into a name–value pair (cookie crumb) suitable for a ZnCookieJar object. And it just requires you to enter the website you want to access:

| jar cookiesFile client |
jar := ZnCookieJar new.
cookiesFile := 'cookiebro-cookies.json'.
(NeoJSONReader fromString: cookiesFile asFileReference) do: [ : d |
jar add: (ZnCookie fromString: (String streamContents: [ : stream |
 d associationsDo: [ : assoc |
  stream 
   nextPutAll: assoc key asString;
   nextPut: $=;
   nextPutAll: assoc value asString;
   nextPut: $; ].
  stream skip: -1 ] )) ].
client := ZnClient new
 beOneShot;
 timeout: 5000;
 numberOfRetries: 0; 
 url: 'https://...';
 ifFail: [ : ex | self halt. ].
client session cookiejar: jar.
client get

Of course if you have any suggestions I will be glad to read them in the comments.

martes, 25 de septiembre de 2018

Pharo Script of the Day: Sort a column in a CSV file

Hi there. Today I wanted to translate to Pharo Smalltalk the code in a Bash one-liner to sort a column in a CSV file:

cat myfile.txt | cut -d \; -f 2 | sort

For replicating this one, you will need the NeoCSV package (doc), and just use the power of SortedCollection:

SortedCollection streamContents: [ : out |
 'myfile.txt' asFileReference readStreamDo: [ : in |
  (NeoCSVReader on: (ZnBufferedReadStream on: in)) in: [ : reader |
   reader 
    separator: $;;
    do: [ : each | out nextPut: each second ] ] ] ].

which you can apply to a dummy myfile.txt CSV:

a;Rachmaninoff;1
b;Horowitz;2
c;Hofmann;3
d;Scriabin;4

Hope you liked it.

lunes, 24 de septiembre de 2018

Pharo Script of the Day: Parsing Gene Ontology terms

Today a script from the Bioinformatics world, accessing an EBI REST service called QuickGO, to retrieve Gene Ontology information. For the first script I use the NeoJSON library, and return a Pharo dictionary which we can inspect interactively through the Inspector:

(NeoJSONReader on: (ZnClient new
 accept: ZnMimeType applicationJson;
 url: 'http://www.ebi.ac.uk/QuickGO/services/ontology/go/terms/GO:0005623,GO:0017071,GO:0030680';
 get) readStream) next at: 'results'.

You should only provide the GO identifiers delimited by commas. For the second script we just can join a Collection to build the comma delimited String. The API also includes a service to retrieve a graph image with the terms involved in the query, so we can also try retrieving a different type of information:

| ids |
ids := #('GO:0005623' 'GO:0017071' 'GO:0030680').
(ImageReadWriter formFromStream: (ZnClient new
 accept: ZnMimeType imagePng;
 url: 'http://www.ebi.ac.uk/QuickGO/services/ontology/go/terms/' , (ids joinUsing: ',') , '/chart';
 get) readStream) asMorph openInWindow.


Previously, EBI returned XML content in oboxml format, and the following Pharo script used XML-Parser and XPath (doc) libraries to parse GO terms. I include the script for those discovering Smalltalk and wish to know how it would be using XPath:

#('GO:0005623' 'GO:0017071' 'GO:0030680') collect: [ : goTerm |
 | quickGO |
 quickGO := 'http://www.ebi.ac.uk/QuickGO-Old/GTerm?id={1}&format=oboxml' format: { goTerm }.
 goTerm -> (XPath 
  for: 'normalize-space(/obo/term/name/text())' 
  in: (XMLDOMParser on: (ZnEasy get: quickGO) contents) parseDocument) ].

You've got similar code in Perl and Java so you can compare:

.




domingo, 23 de septiembre de 2018

Pharo Script of the Day: Rename instance variables programmatically

Today I am starting a series of posts sharing some short (I hope) Pharo scripts which can be useful for others in the community. I have published some of them in the mailing list, so it is also an attempt to resurrect them from the oblivion. The first script goal is to programmatically rename an instance variable in MyClass from oldName to newName (tested in Pharo 6.1):

(RBRenameInstanceVariableRefactoring
        rename: 'oldName'
        to: 'newName'
        in: MyClass) execute