serverfire commented on August 23, 2024

@libreliodev How can user login? Is it only for userservice?

libreliodev commented on August 23, 2024

@serverfire

How can user login? Is it only for userservice?

Sorry, I don't understand your questions. Can you please be more precise?

Also, please note that #44 is the most urgent issue.

serverfire commented on August 23, 2024

@libreliodev
You've said.

If the user did not log in previously, a modal dialog should be shown:

How can we know the user is logged in? You didn't mention anything about it.

libreliodev commented on August 23, 2024

@serverfire

You've said.

If the user did not log in previously, a modal dialog should be shown:

How can we know the user is logged in? You didn't mention anything about it.

The user will log in using this modal dialog. You should remember the credentials in local storage.

serverfire commented on August 23, 2024

@libreliodev I don't have enough resources to test this issue.
I need to have access to a test user and code.
It would be nice to set correct CORS info for those two links in order to have access to them via ajax.

libreliodev commented on August 23, 2024

@serverfire

It would be nice to set correct CORS info for those two links in order to have access to them via ajax.

This will be done tomorrow (https://github.com/libreliodev/php/issues/20)

I need to have access to a test user and code.

You'll get codes to test via private message tomorrow.

libreliodev commented on August 23, 2024

@serverfire

I need to have access to a test user and code.

You'll get codes to test via private message tomorrow.

Sorry, this will not be ready today. Hopefully tomorrow morning.

libreliodev commented on August 23, 2024

@serverfire Codes have been sent to you by private message

serverfire commented on August 23, 2024

@libreliodev I did another test on the user service, but I get this error: 461 UnauthorizedUser
Can you check why I get this error?

libreliodev commented on August 23, 2024

@serverfire Can you provide the complete URL sent to the server?

libreliodev commented on August 23, 2024

@serverfire Please pay attention to this

&deviceid=[unique id of user device]

This is important because a given user can only use a limited number of devices to view a given issue. This is intended to avoid an unlimited number of people using the same userID/password. See http://stackoverflow.com/questions/18738161/unique-device-identification for an explanation of what we are trying to achieve. Using fingerprintJS might be a good idea.

serverfire commented on August 23, 2024

@libreliodev There is no standard method to get device id via browser. And fingerprint.js is not suitable to use in here. Also this method can be easily cracked by using first device id for all requests.
We can discuss this in more details.

libreliodev commented on August 23, 2024

@serverfire Thank you for your comments.

There is no standard method to get device id via browser. And fingerprint.js is not suitable to use in here

Why is fingerprint.js not suitable? Are there technical incompatibilities?

Also this method can be easily cracked by using first device id for all requests.

The issue is not to avoid hackers cracking this protection. The issue is to prevent someone sharing his subscription credentials with friends and families, or on the internet. Any other suggestion?

serverfire commented on August 23, 2024

@libreliodev fingerprint.js may (94% success) find a unique id for a particular browser. This means the user cannot access the file in another browser.
If some changes happen to the browser, the unique id will change.
I don't think it's a good idea to pass it as device id.

serverfire commented on August 23, 2024

@libreliodev We can place other restrictions.

  1. Limit by region.
  2. Limit by IP address (one or multiple IP addresses).
  3. Limit by requests per day.
  4. ...

libreliodev commented on August 23, 2024

@serverfire

94% success

What this means according to my understanding is that in rare cases, 2 different browsers can have the same fingerprint. Not a big issue for us.

This means user cannot access the file in another browser.

Yes, as mentioned, we allow "a certain number" of different device ids.

If some changes happen to the browser, the unique id will change.

Not a problem, because we allow "a certain number" of different device ids.

Limit by region, Limit by ip address, Limit by requests per day

Not options. We need to allow a given user to read as much as he wants on a given "device".

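The device cap discussed in the comments above ("a certain number" of device ids per user for a given issue), sketched as server-side bookkeeping. This is an added example, not Librelio's code; `DeviceLimiter`, `MAX_DEVICES`, the in-memory store and the sample ids are assumptions.

```javascript
// Added example, not Librelio's server code. DeviceLimiter, MAX_DEVICES and
// the sample ids are hypothetical; storage is an in-memory Map.
const MAX_DEVICES = 3;

class DeviceLimiter {
  constructor(maxDevices = MAX_DEVICES) {
    this.maxDevices = maxDevices;
    this.devicesByKey = new Map(); // JSON [user, issue] key -> Set of device ids
  }

  // Decide one request. A device id that is already registered always passes,
  // so reading on a known device is never limited.
  check(userId, issueId, deviceId) {
    if (typeof deviceId !== 'string' || deviceId.trim() === '') {
      return { allowed: false, reason: 'missing-deviceid' };
    }
    const key = JSON.stringify([userId, issueId]); // unambiguous composite key
    const devices = this.devicesByKey.get(key) || new Set();
    if (devices.has(deviceId)) {
      return { allowed: true, reason: 'known-device' };
    }
    if (devices.size >= this.maxDevices) {
      return { allowed: false, reason: 'device-limit-reached' };
    }
    devices.add(deviceId);
    this.devicesByKey.set(key, devices);
    return { allowed: true, reason: 'new-device' };
  }
}

// Constructed request sequence for one subscriber with a cap of two devices.
function demo() {
  const limiter = new DeviceLimiter(2);
  return [
    limiter.check('alice', 'issue-1', 'fp-aaa'), // first browser
    limiter.check('alice', 'issue-1', 'fp-aaa'), // same browser again
    limiter.check('alice', 'issue-1', 'fp-bbb'), // fingerprint changed: second slot
    limiter.check('alice', 'issue-1', 'fp-ccc'), // third id: over the cap
    limiter.check('alice', 'issue-2', 'fp-ccc'), // other issue has its own budget
    limiter.check('alice', 'issue-1', ''),       // deviceid parameter absent
  ].map((r) => r.reason);
}
```

The `deviceid` value is asserted by the client, so this cap discourages casual credential sharing, which is the goal stated in the thread, and does not authenticate a device; every fingerprint change also uses up one slot.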

serverfire commented on August 23, 2024

@libreliodev Alright. No problem.
About request to subscribers.php, ajax is not able to handle redirect response 302.
We've to add a way to get json response from this page with redirect url.
Can we do that?

serverfire commented on August 23, 2024

@libreliodev I see its response is in xml. That's ok. Can we have a special query to send 200(OK) response always?

libreliodev commented on August 23, 2024

@serverfire

About request to subscribers.php, ajax is not able to handle redirect response 302.
We've to add a way to get json response from this page with redirect url.
Can we do that?

Yes, we can add a response in the body. It would probably be better to use XML for consistency reasons. Is something like this OK?

    <?xml version="1.0" encoding="UTF-8"?>
    <Redirect>
        <UrlString>[Redirect URL]</UrlString>
    </Redirect>

serverfire commented on August 23, 2024

@libreliodev Alright.

libreliodev commented on August 23, 2024

@serverfire

Can we have a special query to send 200(OK) response always?

Is it a problem if you get a 302 header, with the XML body?

serverfire commented on August 23, 2024

Yes 302 is the problem.

libreliodev commented on August 23, 2024

Yes 302 is the problem.

You mean, you can read only responses with 200 header? So, the same applies for error messages?

serverfire commented on August 23, 2024

Yes. And I didn't see the redirect tag in the 302 response.

libreliodev commented on August 23, 2024

And I didn't see the redirect tag in the 302 response.

It's not yet implemented!!!

Please add the header=200 arg to all requests. This should be implemented later today or tomorrow, you'll be informed via Github.

libreliodev commented on August 23, 2024

Redirect and error tags without headers are now implemented (https://github.com/libreliodev/php/issues/22)

serverfire commented on August 23, 2024

@libreliodev It's not implemented correctly. I get parse errors.
The UrlString content should be encoded. You can encode the UrlString data using the htmlspecialchars function in PHP.

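Why the unescaped UrlString produced parse errors, shown as an added example that is not code from the project: a redirect URL with several query parameters contains bare `&` characters, which are not legal in XML text. The function names and the sample URL are constructed, and `parseRedirectXml` is a simplified stand-in for the browser's XML parser that handles only the five named entities.

```javascript
// Added example; function names and SAMPLE_URL are constructed for illustration.
const XML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };

// Escape the characters that act as markup in XML text. These are the same
// four characters PHP's htmlspecialchars converts.
function escapeXml(text) {
  return String(text).replace(/[&<>"]/g, (ch) => XML_ENTITIES[ch]);
}

// Server side: the Redirect body proposed in the thread, with the URL escaped.
function buildRedirectXml(url) {
  return '<?xml version="1.0" encoding="UTF-8"?>\n' +
    '<Redirect>\n' +
    `    <UrlString>${escapeXml(url)}</UrlString>\n` +
    '</Redirect>';
}

// Client side: simplified stand-in for an XML parser. It rejects element
// text that a conforming parser would reject (a bare "&" or "<").
function parseRedirectXml(xml) {
  const match = /<UrlString>([\s\S]*?)<\/UrlString>/.exec(xml);
  if (!match) throw new Error('no UrlString element');
  const content = match[1];
  if (/&(?!(?:amp|lt|gt|quot|apos);)/.test(content) || content.includes('<')) {
    throw new Error('UrlString is not well-formed XML text');
  }
  // Unescape "&amp;" last so "&amp;lt;" decodes to "&lt;" and not "<".
  return content
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&apos;/g, "'")
    .replace(/&amp;/g, '&');
}

// Constructed redirect target with several query parameters.
const SAMPLE_URL =
  'https://example.com/reader/issue.pdf?user=u1&deviceid=abc123&expires=1700000000';

// True when the raw, unescaped body is rejected by the client-side check.
function rawBodyIsRejected() {
  const raw = `<Redirect><UrlString>${SAMPLE_URL}</UrlString></Redirect>`;
  try { parseRedirectXml(raw); return false; } catch (err) { return true; }
}
```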

libreliodev commented on August 23, 2024

@serverfire Done, sorry for the mistake

serverfire commented on August 23, 2024

@libreliodev Done!

libreliodev commented on August 23, 2024

@serverfire Just tested using Safari on Mac. Nothing happens after entering user name and password.

serverfire commented on August 23, 2024

@libreliodev Fixed!

libreliodev commented on August 23, 2024

@serverfire Just tested again, on localhost, and http://librelio-com.s3-website-eu-west-1.amazonaws.com, under Safari and Firefox. Nothing happens after clicking on submit. Is bower install needed?

serverfire commented on August 23, 2024

@libreliodev Yes, bower install is required (for fingerprint). Sorry, I forgot to tell you.

libreliodev commented on August 23, 2024

@serverfire Tested again.

Please do not offer the possibility to download the pdf file (which should never occur), proceed directly to reader.

serverfire commented on August 23, 2024

@libreliodev It's not possible to open pdfreader (on new page) without this extra step. The only thing we can do is to open the reader in the current page (meaning no target="_blank").
Or the user should click on View PDF File (remove Download File link).

libreliodev commented on August 23, 2024

It's fine to open in current page.

On 19 Jun 2014, at 15:47, serverfire [email protected] wrote:

@libreliodev It's not possible to open pdfreader without this extra step. The only thing we can do is to open the reader in the current page (meaning no target="_blank").
Or the user should click on View PDF File (remove Download File link).


serverfire commented on August 23, 2024

@libreliodev Fixed!

libreliodev commented on August 23, 2024

Successfully tested, despite minor bugs/omissions detected, reported separately.
