Download backup - email link only

In the past when I clicked the Download button on the backups screen, the browser downloaded the file. Now the tooltip reads “Send email with download link” and it emails me with a link to download it. Is that new behavior that I just missed or is there an issue with my install?

Yes, that is new behavior added to increase the security of the backups. I’m looking for the relevant topic now…

Edit: Here you go:

So. I have four Discourse forums. I like to download my backups daily, for each. In each case, I must navigate to the “backups” page, click on the download link, switch over to my e-mail program, wait for the message to arrive, and click on the link that’s provided? Every day?

I understand the need for security (and that’s one reason I don’t use SSO at all!), but this sucks.

Given this convoluted workflow, is there some way that I could easily bypass all of this and automatically download the most recent backup for each of my sites daily?

Have you considered having your uploads automatically backup to S3? If you want to take backups every day that’s even simpler than logging in to download them.

Thanks, @eviltrout, I may look into that. I’ve usually stayed away from Amazon’s services, and so had forgotten that this was a baked-in option.

(Logging in hasn’t been an issue, as I’m a moderator on each of the forums anyway, and have browser tabs for them pinned open — so downloading the automatic backups been dead easy.)

We are also going to be adding more cloud providers for automatic backups in the future via the Rails Girls Summer of Code project, if Amazon isn’t your thing.

The best kinds of backups are the ones you don’t have to do anything about

Yeah, and Dropbox Backups already works.

Is there a way to disable this feature? I used to download backups automatically to a server in my control by inspecting /admin/backups.json using an admin API token (of an account which doesn’t have an email address in the first place).

I’d be more interested in being able to set an encryption key for the backups. If someone manages to steal the API key for my backup bot then I could still rest relatively easy knowing the private key is only on the backup download server, which doesn’t face the internet apart from downloading the backups.

I understand the security implications, however, I’d consider storing (unencrypted) backups on someone else’s server to be more dangerous than the risk of someone obtaining the API key for my bot (which resides only on a system I have physical control of, and does not act as a server). Making Discourse push backups to the system would be less optimal for me as that would mean I had two internet-facing servers to worry about instead of one.

There’s no way to disable this feature, and because we want to be very secure by default I can’t see us allowing a user to do that any time soon. You could build a plugin that allows you to access the backups directly.

The encryption key is not a bad idea as a separate feature, but it wouldn’t mean we’d pull back this feature.

Sorry for the late reply.

Oh yeah, allowing a user to disable the feature kind of makes the feature meaningless I suppose, hadn’t thought of it that way.

Then I’ll consider making a plugin .Thanks for the quick response and suggestion!

We had an issue here because it made it much harder to download a backup from a (third party) provider where we don’t have shell access, and upload it to one of our own servers. Especially when handling a large backup and both servers are in the USA (we’re in Europe) this process was costing us hours instead of minutes.

Somehow the backup link does not work with an api_key so a simple wget will not work

We made a small script that can be called from the command line. It needs three parameters:

• username
• password
• download link from the email, including the token

So something like

./download.sh myuser mypass https://forum.mysite.com/admin/backups/mysite-2017-05-31-113000-v20170526125321.tar.gz?token=d31de61bc07f7bc9060717bc57828584

Here is the script:

#!/bin/bash
USERNAME=$1
PASSWORD=$2
URL=$3
HOSTNAME=$(echo $URL | awk -F/ '{print $3}')

TOKEN=$(
curl \
  --header "X-Requested-With: XMLHttpRequest" \
  -A "MSIE" \
  -b cookies.txt \
  -c cookies.txt \
  -v\
  https://$HOSTNAME/session/csrf|awk -F: '{print $2}'|cut -c2-89
)

echo "Using Token $TOKEN Username $USERNAME Password $PASSWORd"
curl \
  --header "X-Requested-With: XMLHttpRequest" \
  --header "X-CSRF-Token: $TOKEN" \
  --header "Origin: https://$HOSTNAME"  \
  -A "MSIE" \
  -b cookies.txt \
  -c cookies.txt \
  -v\
  --data "login=$USERNAME&password=$PASSWORD" \
  https://$HOSTNAME/session

curl \
  -A "MSIE" \
  -b cookies.txt \
  -c cookies.txt \
  -O \
  $URL

One more suggestion: would it be an idea to exclude the email with the link from being affected by the disable_email setting?

I think it a quite bad idea.

Because the browser downloader usually stops at some time. The backup package is quite big usually, but if we only have one chance to download and then the link will pastdue, usually it will download half and stoped there.

Can you support breakpoint resume download? If not, you’d better think of a better way to help people successfully download the whole package with the browser.

Eu tenho o mesmo problema. Tenho que desativar esse recurso por motivos pessoais.

Entendo que você quer ser muito seguro por padrão. Mas podemos ter opções não padrão?
Ou podemos ter uma opção para enviar o link para um novo endereço de e-mail de destino?
Concordo plenamente em defini-lo como uma opção padrão.

Existem muitos recursos que podem ser definidos como desativados ou não padrão. Talvez eles não devam ser sem sentido.

O link do e-mail ou não não é o principal problema aqui. Agora devemos lembrar que baixar o backup foi uma solução para um problema real e que era, e é, raramente feito backups.

Faço backup do banco de dados da minha loja virtual a cada 5 minutos. Meu CMS faz backup a cada hora. Com o Discourse, o peixe mais fresco que consigo é uma vez por dia nativamente. Isso significa que, como estou perdido com docker e qualquer outra coisa além de MySQL/MariaDB, corro o risco todos os dias de perder algum conteúdo se algo der errado nesta janela de 24 horas.

Isso já aconteceu comigo uma vez, na verdade.

Com o método atual de link de e-mail, quando eu estava baixando backups em uma região com rede restrita, eu sempre travava em 30%, mesmo se eu usasse VPN por algum tempo.

Terei um problema semelhante no futuro se ainda for apenas por e-mail e link naquele momento.

Se você estiver auto-hospedado e quiser baixar o backup, pode fazê-lo via ssh/scp. Outra opção é ter backups armazenados no S3. Baixá-los através do navegador web não é uma maneira confiável de automatizar o processo.

Se você quiser esse nível de capacidade de voltar no tempo, você deve configurar o postgres para permitir rollbacks e/ou ter um servidor de backup ao vivo.