想为answer配置通过GitHub登录的方式，相关的配置有案例说明吗？

Enabling Check Email Verified: The OAuth2 site has verified the email sends an email to the new user and makes it inactive. Having a verified email address should have the opposite effect, thus avoiding this check. It almost looks like the UI control on/off is inverted.

Original post from questions/D1ng

Add sharing to more apps such as WeChat and Weibo.

use scene

Easy subscription tracking problem list

Hi 👋,

First of all, thanks for providing Answer and congrats for joining Apache 👍

I'm having a plugin use-case in mind I'd like to work on, that is - as far as I'm able to see - currently not supported.

Idea/Use-Case

I'd like to implement a plugin that checks user submitted content for security sensitive information like credentials and asks
the user if the content really should be submitted as is.
Submitting such kind of information if fairly easy especially if you're copy & pasting code snippets (totally unrelated to Answer itself obviously).

This would allow to not even persist sensitive data in case it's not intended by the user. Persisiting sensitive information is an issue as Answer keeps the content history - which is really great in general (I really like the diff functionality ❤️) but not in case you submit something that better shouldn't have been.
To detect credentials potentially, I was thinking about using something like e.g. DeepPass.

Additional thoughts

• it potentially involves both frontend and backend functionality
• needs to intervene (optionally with user consent) before data gets persisted
• should involve scanning user questions, answers and comments, basically all user submitted content

Looking forward for feedback 😃

Hey team,

having MeiliSearch activated, the advanced search isn't entirely supported:

using is:question or is:answer doesn't has results anymore:

same with the other options (user:, answers:, score:).

Tags in searches [mytag] seems to be ignored, as the result contains any tags, and isn't different to a search without [tag]s.

MeiliSearch log doesn't show any errors (search requests respond with http 200), please shout out, if I shall test something or which details to provide.

Thx!

To fix this issue apache/incubator-answer#680, there're some changes on the search plugin interface, PR. And all search plugins need to update to make them be compatible with the latest search interface.

I'll start with elastic search plugin.

Based on #18

I can create MinIO storage plugin

Administrators increase or decrease reputation for some users directly through the Admin panel, and record the reasons why.

I have OAuth with Azure set up based on this Answer. It almost works, but when I click "Connect with Azure", the site redirects to the "Authorize URL" except the host is the answer site's hostname and not login.microsoftonline.com. If I replace the hostname with login.microsoftonline.com the authorization flow works and I'm correctly redirected back to answer logged in.

Answer 1.2.1
Basic plugin built from main Jan-10

It looks like it's redirecting to a relative path.

2024-01-11 15:34:10 10.31.4.187 GET /9c582cbd-d99d-43af-83ca-e812b96ed331/oauth2/v2.0/authorize client_id=...

Are there logs that could help me troubleshoot this flow?

Github登录插件显示：

如何显示自定义名称？

I am trying to make discord work but get the message above. It leads me to believe that something with the returning json object is not correct (or that the configuration is missmatched), however requesting it by hand reveals all nessesary information, so i am unsure why exactly this issue pops up.

The logfile:

2023-07-05 01:30:26.245	ERROR	/go/src/github.com/answerdev/answer/answer_build3569351421/vendor/github.com/answerdev/plugins/connector/basic/basic.go:135	fail to get user id from json path: id

2023-08-24 16:57:41.504	�[31mERROR�[0m	handler/handler.go:28	init es client error: parse "127.0.0.1:9200": first path segment in URL cannot contain colon
/go/src/github.com/answerdev/answer/answer_build3704086532/vendor/github.com/answerdev/answer/internal/controller_admin/plugin_controller.go:178 github.com/answerdev/answer/internal/controller_admin.(*PluginController).UpdatePluginConfig
/go/src/github.com/answerdev/answer/answer_build3704086532/vendor/github.com/gin-gonic/gin/context.go:174 github.com/gin-gonic/gin.(*Context).Next
/go/src/github.com/answerdev/answer/answer_build3704086532/vendor/github.com/answerdev/answer/internal/base/middleware/auth.go:142 github.com/answerdev/answer/internal/base/middleware.(*AuthUserMiddleware).AdminAuth.func1

The connection address is filled with 127.0.0.1:9200
But the above error occurred.

It may be a problem of description, and the name of the agreement should be added.

Although the existing editor is almost enough, we should try to support it.

1. https://github.com/Tencent/cherry-markdown
2. https://github.com/tinymce/tinymce

环境：

answer 版本：v1.1.0

配置了 plugin.github_connector, 如下图：

问题：

点击 github验证按钮，报如下错误：

controller/connector_controller.go:74 connector basic not found

https://www.algolia.com/

When running

answer build --with github.com/apache/incubator-answer-plugins/search-meilisearch

If fails with

[go build -ldflags -X github.com/apache/incubator-answer/cmd.Version=1.2.1 -X github.com/apache/incubator-answer/cmd.Revision=3f696b6 -X github.com/apache/incubator-answer/cmd.Time=1702543995 -o /new_answer .]
# github.com/apache/incubator-answer-plugins/search-meilisearch
vendor/github.com/apache/incubator-answer-plugins/search-meilisearch/meilisearch.go:327:70: cannot use tagGroup (variable of type string) as []string value in argument to strings.Join
build failed exit status 1

Tried also different refs like github.com/apache/incubator-answer-plugins/search-meilisearch@main, did not manage to get around the error.

answer -v:

answer version 1.2.1
revision: 3f696b6
build time: 1702543995

build environment based on the official answer docker image:

FROM apache/answer:1.2.1 as builder

RUN apk --no-cache add \
    build-base git bash nodejs npm go && \
    npm install -g pnpm

RUN answer build \
    --with github.com/apache/incubator-answer-plugins/connector-basic \
    --with github.com/apache/incubator-answer-plugins/search-meilisearch \
    --output /usr/local/bin/answer_with_plugins

Does anyone could implement the connector for WeChat & Web3.0 ?

Also possible using Facebook & Twitter for login , it will be even better.

Hi 👋 ,

Congratulations for joining Apache! Answer is really an awesome project!

I saw there was already a go-redis plugin for caching. Would you still be interested in having rueidis integration that leverages redis client tracking feature for synchronizing local caches?

Is it possible to give certain users a specific starting reputation to meet privilege minimums?

It is hoped that the uploaded files can be stored in a file system such as OSS or MinIO instead of local storage

希望上传的文件可以存储在OSS或MinIO等文件系统中，而不是本地存储

I tried to run: $ docker run -d -p 9080:80 -v answer-data:/data --name answer apache/incubator-answer:all-in-one and got the following error:

Unable to find image 'apache/incubator-answer:all-in-one' locally
docker: Error response from daemon: pull access denied for apache/incubator-answer, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

Might be a noob question, but, any help here?

It's import that we have license file in you repo. I just quote some words from the Open Source Guide

An open source license guarantees that others can use, copy, modify, and contribute back to your project without repercussions. It also protects you from sticky legal situations. You must include a license when you launch an open source project.

Hey team,

thank you for providing us with the MeiliSearch plugin.

It's working well when searching for text or title of a question, but there are flaws in finding text in answers, haven't identified the pattern yet.

For instance, the answer in this question:

cannot be found:

where others can be:

Furthermore, it seems, that, when searching for the first word of an answer text, it can never be found.

No idea, how to provide you with more insights, the MeiliSearch log seems unspectacular (http 202 when creating/updating posts, http 200 on searches).

Running the latest answer:all-in-one image, and the getmeili/meilisearch:v1.3.0 image.

I would like to one day set up an Answers instance for Yarn.social for the (small, but) growing community.

In order to continue to project the privacy of users it would be nice to have support for IndieAuth, which works a bit like OAuth but is a bit simpler and designed to support "logging in via your own domain".

As all instances of Yarn.social pods (yarnd) today do not require any kind of email address or personal information and are also valid IndieAuth providers, this is ideal as users in the community can just login with their existing credentials against their domain/pod.

Thank you for considering this feature! 🙏 I fully support many of the aspects of the IndieWeb such as IndieAuth as they tend to err on the side of privacy and owning your own data.

Authentication and registration of new users worked fine, but it stopped to work suddenly.

No parameters to the OAuth2 provider were changed (except the name, which I reverted, without any effect).

Here is the log:

INFO	user_external_login/user_external_login_service.go:182	user 1 login with external account, try to active email, old status is 1

No email server has been configured.

Describe the bug

As a database for answer(v1.2.1) we use postgres (postgres:15-alpine in docker). We have also configured SSO, but when trying to authorize we get an error:

2024-02-02 10:08:09.268	ERROR	controller/connector_controller.go:146	external login failed: code: 500, reason: base.database_error, message: , error: pq: invalid byte sequence for encoding "UTF8": 0xd0
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/repo/user/user_repo.go:65 github.com/apache/incubator-answer/internal/repo/user.(*userRepo).AddUser.func1
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/xorm.io/xorm/engine.go:1423 xorm.io/xorm.(*Engine).Transaction
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/repo/user/user_repo.go:53 github.com/apache/incubator-answer/internal/repo/user.(*userRepo).AddUser
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/service/user_external_login/user_external_login_service.go:208 github.com/apache/incubator-answer/internal/service/user_external_login.(*UserExternalLoginService).registerNewUser
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/service/user_external_login/user_external_login_service.go:155 github.com/apache/incubator-answer/internal/service/user_external_login.(*UserExternalLoginService).ExternalLogin
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/controller/connector_controller.go:144 github.com/apache/incubator-answer/internal/controller.(*ConnectorController).ConnectorRedirect.func1
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/apache/incubator-answer/internal/controller/connector_controller.go:97 github.com/apache/incubator-answer/internal/controller.(*ConnectorController).ConnectorRedirectDispatcher
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/gin-gonic/gin/context.go:174 github.com/gin-gonic/gin.(*Context).Next
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/anargu/gin-brotli/gin_brotli.go:71 github.com/anargu/gin-brotli.Brotli.func1
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/gin-gonic/gin/context.go:174 github.com/gin-gonic/gin.(*Context).Next
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/gin-gonic/gin/gin.go:620 github.com/gin-gonic/gin.(*Engine).handleHTTPRequest
/go/src/github.com/apache/incubator-answer/answer_build320162676/vendor/github.com/gin-gonic/gin/gin.go:576 github.com/gin-gonic/gin.(*Engine).ServeHTTP
/usr/local/go/src/net/http/server.go:2947 net/http.serverHandler.ServeHTTP
/usr/local/go/src/net/http/server.go:1991 net/http.(*conn).serve
/usr/local/go/src/runtime/asm_amd64.s:1594 runtime.goexit

answer=# SHOW server_encoding;
 server_encoding
-----------------
 UTF8
(1 row)

answer=# \dt
                 List of relations
 Schema |           Name           | Type  | Owner
--------+--------------------------+-------+--------
 public | activity                 | table | answer
 public | answer                   | table | answer
 public | collection               | table | answer
 public | collection_group         | table | answer
 public | comment                  | table | answer
 public | config                   | table | answer
 public | meta                     | table | answer
 public | notification             | table | answer
 public | plugin_config            | table | answer
 public | power                    | table | answer
 public | question                 | table | answer
 public | report                   | table | answer
 public | revision                 | table | answer
 public | role                     | table | answer
 public | role_power_rel           | table | answer
 public | site_info                | table | answer
 public | tag                      | table | answer
 public | tag_rel                  | table | answer
 public | uniqid                   | table | answer
 public | user                     | table | answer
 public | user_external_login      | table | answer
 public | user_notification_config | table | answer
 public | user_role_rel            | table | answer
 public | version                  | table | answer
(24 rows)

When using sqlite database - there is no error and authorization is successful.

To Reproduce

Steps to reproduce the behavior:

1. Configure postgres as a database for answer (postgres:15-alpine)
2. Configure SSO
3. Try authorization

Expected behavior

Authorization was successful

Screenshots

We also have some empty fields in the SSO configuration:

Hi there, was wondering if this product supports LDAP or SAML support? Adding would add lot of flexibility to the product.

• #61
• #62

I'm trying to connect an Answer instance to my institution's IDP (Shibboleth), but I consistently get a 50x error in browser accompanied by the following entry in the application log:

ERROR	/go/src/github.com/answerdev/answer/answer_build422575497/vendor/github.com/answerdev/answer/internal/controller/connector_controller.go:111	connector received failed, error info: code exchange failed: oauth2: cannot fetch token: 400
Response: {"error":"invalid_request","error_description":"InvalidEvent"}, response data is:

(The "response data is:" part is left intentionally blank, nothing is printed there)

The IDP log shows the following contemporaneous error:

Profile Action ValidateClientAuthenticationType: Client '[redacted]' registered client_secret_basic but attempted client_secret_post
A non-proceed event occurred while processing the request: InvalidEvent
Profile Action BuildTokenErrorResponseFromEvent: No mapped event found for InvalidEvent, creating general invalid_request
Profile Action BuildTokenErrorResponseFromEvent: ErrorResponse successfully set as the outbound message

Some searching of the IDP configuration confirms that it advertises token_endpoint_auth_methods_supported as [ "client_secret_basic", "client_secret_post", "client_secret_jwt", ... ] when communicating with OIDC clients, but according to the upstream mailing lists, the client is expected to identify which supported token_endpoint_auth_method it intends to use. I don't believe that the OAuth2 client does that automatically, and there doesn't seem to be a configuration parameter to specify it manually either.

EDIT for version info:
I'm using Answer v1.1.1 pulled from Docker

Dear developers,

I am writing to suggest a new feature for your project, which I believe could help take it to the top of the community support tools.

It would be great if you could add a login feature through Discord, but with the ability to limit it by Guild. This would turn your application into an ideal tool for community support. The login should obtain the user's name and profile picture, and limit the access to only the members of the server's guild. If it could also be limited by role, it would be even better.

Another interesting option would be the ability to send webhooks when a new post is made. This could be used to post on Discord that a new question has been asked.

If anyone is working on this functionality and would like to contact me, we could test it and see how I can help.

Thank you for your consideration.

Sincerely,

Is your feature request related to a problem? Please describe.
It would be great to see a Slack integration for posting new questions and being notified when you are attracted to a question

I can create meilisearch search plugin, are you developing this?

Is your feature request related to a problem? Please describe.
For self-hosted services 2FA is strongly needed

Describe the solution you'd like
I would like to be able to set 2fa for myself in answer

Describe alternatives you've considered
NA

Is your feature request related to a problem? Please describe

As of the current version of Answer, it is impossible to insert Latex equations, which significantly limits the notation experience for users working with mathematical and scientific data. The lack of this feature represents a considerable challenge when attempting to represent complex mathematical models in the project.

Describe the solution you'd like

Adding support for Mathjax can solve this issue.

When I correctly configured Google OAuth's Client ID and secret key, I jumped to the 50x page after loading for a long time when I logged in. The log content is as follows:

2023-08-23 16:59:29.572	�[31mERROR�[0m	/go/src/github.com/answerdev/answer/answer_build9167698/vendor/github.com/answerdev/answer/internal/controller/connector_controller.go:111	connector received failed, error info: Post "https://oauth2.googleapis.com/token": dial tcp 172.217.160.106:443: i/o timeout, response data is: 
2023-08-23 16:41:50.484	�[31mERROR�[0m	/go/src/github.com/answerdev/answer/answer_build9167698/vendor/github.com/answerdev/answer/internal/controller/connector_controller.go:111	connector received failed, error info: Post "https://oauth2.googleapis.com/token": read tcp 172.17.0.2:40970->172.217.160.106:443: read: connection reset by peer, response data is: 

I run Answer in Docker and use nginx reverse proxy and CDN.

172.17.0.2:40970 is the IP address of Docker.

I don't understand how to solve this problem.

Is your feature request related to a problem? Please describe.
We have a significant number of users who prefer to use WeCom for their professional communications. Currently, our platform does not support WeCom QR code scanning for user authentication, causing inconvenience for these users. They must manually input their login credentials each time, which can be cumbersome and time-consuming.

Describe the solution you'd like
I'd love to see a feature where our platform can support WeCom QR code scanning for user authentication. This would streamline the login process for those who heavily rely on WeCom, making our platform more user-friendly and accessible.

Is your feature request related to a problem? Please describe.
For large code blocks, we need high-light effect on specific lines, these high light lines are better to explain and anwser the question.

Describe the solution you'd like
Like code line high-light in mkdocs material, the high-light syntax looks like this:

``` py hl_lines="2 3"
def bubble_sort(items):
    for i in range(len(items)):
        for j in range(len(items) - 1 - i):
            if items[j] > items[j + 1]:
                items[j], items[j + 1] = items[j + 1], items[j]
```

and we get the effect:

I've updated an AnswerDev installation to use Meilisearch, but only newly created or updated questions and answers can be searched.

How to create a full site index with all existing content?

Thank you!

问题描述：当 OAuth 2 中未找到对应人员时，会先提示“需要添加恢复邮箱”，输入任意邮箱后，提示“用户不存在”。

问题解决：经过检查发现，问题在于我们的门户系统没有分配给对应人员权限，所以未能查询到用户。不过先出现的”需要添加恢复邮箱“提示误导了我，花了较多时间检查配置项。

复现顺序：

1. 我先启用了 Check Email Verified 配置项，并错误配置了 Email Verified JSON Path 为 user.email。
2. 我尝试了 OAuth 登录，触发了”需要验证电子邮箱“的提示。
3. 我意识到错误后，关闭 Check Email Verified 并删除了 Email Verified JSON Path 的内容。
4. 再次尝试登录，我成功登录进了系统，并没有出现”验证邮箱“提示。此时我认为我的配置是正确的。
5. 我邀请我的 2 位同事进行测试，他们用了全新浏览器使用 OAuth 登录系统，然后提示”需要添加恢复邮箱“，输入邮箱后，提示”用户不存在“。
6. 在门户系统中分配人员权限后，此问题消失。

希望调整：

1. 希望优化提示顺序，”未找到用户”应优先于”需要添加恢复邮箱“显示，否则容易让人误以为“需要额外绑定邮箱”。
2. 希望让提示更明确一些，改为“未在 OAuth 中找到对应用户”之类的。

if you specify oauth2.AuthStyleInParams，ClientID and ClientSecret will be added as client_id and client_secret in params of the request，but if the server wants the clientID & clientSecret in a different form，such as Basic Authorization，the ConnectorReceiver will failed with connector received failed, error info: code exchange failed: oauth2: cannot fetch token: 401 Unauthorized

however, if we delete AuthStyle: oauth2.AuthStyleInParams，ConnectorReceiver will first try AuthStyleInHeader such as Basic Authorization; if failed, then try AuthStyleInParams(client_id and client_secret params)

refer to: https://github.com/golang/oauth2/blob/4c91c17b32051e551fc27bdbdea4edc060b0aae5/internal/token.go#L212

Hi,
I noticed the username is random. I wonder if that is because my OAuth does not provide a user ID, so I use the email instead, which contains invalid characters. The invalid characters could just be replaced, if that is the problem.

It would be nice to have usernames that are based on the desired username, instead of having random usernames.

This answer is very easy to use and neat; want to organize and use the existing business system, but it is troublesome to let users re-register. In order to better interact with users, it is necessary to increase users' third-party authentication, such as QQ and Wechat.

I now have a system. I think the current system users can log in to Answer. Is there an example in this regard?

I'm trying to configure OAuth2 with self-hosted GitLab server (which using LDAP for own authentication).
I did test all OAuth configs with Postman and everything is fine.
I'm getting x509 issue when I'm trying to authorize via OAuth2.

ERROR /go/src/github.com/answerdev/answer/answer_build3894253293/vendor/github.com/answerdev/answer/internal/controller/connector_controller.go:112 connector received failed: code exchange failed: Post "https://gitlab.myserver.com/oauth/token": x509: certificate signed by unknown authority

I'm using k8s deployment with official helm-chart. How to provide my custom certificate?

I enabled /answer/api/v1/connector/login/basic as callback, as suggested in README.md, but the OAuth shows that the request is using /answer/api/v1/connector/redirect/basic.

https://github.com/answerdev/plugins/blob/b35f4c06e51527f68d62dded9966490847344197/connector/basic/README.md?plain=1#L30

To fix this issue apache/incubator-answer#680, there're some changes on the search plugin interface, apache/incubator-answer#680. And all search plugins need to update to make them be compatible with the latest search interface.

• update meilisearch plugin.
• update algolia plugin.