mozilla / login.webmaker.org Goto Github PK

License: Mozilla Public License 2.0

JavaScript 76.42% CSS 15.70% HTML 7.88%

login.webmaker.org's Introduction

login.webmaker.org

This is our SSO server and identity provider for webmaker.org and all our additional Webmaker websites; sign in once, sign in everywhere!

Getting the Server Up and Running Locally

The app is written using nodejs and uses npm for package management.

Once you have those you can get things up and running by:

Install npm modules - npm install
Use the default configuration - cp env.sample .env
Run the server - npm start

Tests

We use Grunt to lint our CSS and JS and these tests are run on each pull request sent into the mozilla repo using travis-ci.

If you want to check your code passes before sending in a pull request (and ensure no breaking builds) then:

ensure that grunt is installed globally on your system - npm install -g grunt
run grunt --travis test

login.webmaker.org's People

Contributors

Stargazers

Watchers

login.webmaker.org's Issues

Delete account function on /account broken

The request 403's 👎

TODO: Add Mongoose Mongodb-connection error handling

If the mongoose's connection to the MongoDB fails, it should do as loudly as possible.

Mongoose error handling takes the form:

mongoose.connection.on("error", errorHandleCB);

Update to node 8.x LTS

Using node 4.x is becoming a pain for Thimble contributors who are trying to setup Thimble manually since Thimble and all other services it relies on (except login.wm.org) can run on node 6.x. Running nvm is not possible on Windows and its alternatives are pretty terrible.

Username on "Uh-oh, there's no password for that account yet" page shouldn't be editable.

If you have an account that doesn't have a password and you try to sign in, we attempt to send you an email to set a password but not before you see this strange page...

Some thoughts

I can't tell why I would want to edit the username here, or what effect that could have?
- If I change the username here and hit Continue, what happens?
Why is there a green checkmark next to the username? It makes it seem like "things are OK" when actually things aren't okay overall.
Continue is a vague action - can we change it to Set Password or something like that?

alphanumeric characters in username

There is a string that says:
"Invalid username. All usernames must be between 1-20 characters, and only include "-" and alphanumeric characters"

But in my language we dont say alphanumeric so its not so clear for me exactly what i can use.
Does it include "-" 0-9 a-z A-Z and nothing else ?

Update Node.js

Update the minumum required version of Node.js in package.json

bugzilla link in readme is incorrect

Send out transactional emails to users 3 days after Webmaker install

We need to send emails to users 3 days after they install and sign up to use Webmaker app.

@jbuck's advice was to use a worker process here, in login.webmaker.org, to wake up each day (or hour?) and send messages through hatchet to any 3-day-old users.

@HPaulJohnson and @KevZawacki will have content for the email which will be sent out through sawmill via webmaker-mailroom.

cc @HPaulJohnson @jbuck

Reports of the key not working

Hey!

Over the past week or so we've had a few issues about people having problems with the key. Things like "The login key is not working. I tried for five minutes, but I didn't get the email for the key. Now I can't get into my account."

No report of error messages so it might be user error but though I'd file it here just in case.

Wiki changes

FYI: The following changes were made to this repository's wiki:

defacing spam has been removed
Restricting write access to contributors is strongly encouraged. Please make that change (documentation).

These were made as the result of a recent automated defacement of publically writeable wikis.

Can't login to webmaker account through goggles

Seems spotty -- happens for some accounts, but not others.

Go to goggles.mofostaging.net
Try to sign in.
:(

POST http://goggles.mofostaging.net/auth/v2/uid-exists 403 (Forbidden)
POST http://goggles.mofostaging.net/verify 403 (Forbidden)
webmakerLogin.js:1957 Uncaught TypeError: Uncaught, unspecified "error" event.

Privacy policy & Terms of Service links need to be updated

Links should be to:
https://beta.webmaker.org/#/legal
https://www.mozilla.org/privacy/websites

"Want your own Webmaker profile?" No thanks. Already have one.

If i go to my profile sometimes on the top og the page it says "Want your own Webmaker profile?" and theres a button to sign up, but i already have an account, so maybe this should not be showned, at least not for users that are loggin in.

Unable to delete account

User emailed saying hyperlink in "Settings" to delete account is not working. I just tested it with my own account and also cannot delete it.

remove assertion posting in /user/id verification

https://github.com/mozilla/login.webmaker.org/blob/master/app/http/views/js/sso-ux.ejs#L155 probably has no reason to exist.

Indicate that sawmill should render a migration token email VS regular token login email

From mozilla/id.webmaker.org#109

Need a method to indicate that sawmill should render a migration token email VS regular token login email for migrating users on id.webmaker.org.

Sign in and keep me signed in should be the promoted default

Our emails encourage people to not set cookies. That's pretty guaranteed to lead to heart-ache.

We should highlight the "Sign in and keep me signed in" link over the other one.

fix all the warnings + errors for login on node 0.12

usdt.c:212:9: warning: implicit declaration of function 'usdt_dof_section_free' is invalid in C99
      [-Wimplicit-function-declaration]
        usdt_dof_section_free(&strtab);
        ^
usdt.c:238:9: warning: implicit declaration of function 'usdt_dof_file_free' is invalid in C99
      [-Wimplicit-function-declaration]
        usdt_dof_file_free(provider->file);
        ^
2 warnings generated.
gcc -O2 -arch x86_64   -c -o usdt_dof_file.o usdt_dof_file.c
gcc -arch x86_64 -o usdt_tracepoints.o -c usdt_tracepoints_x86_64.s
gcc -O2 -arch x86_64   -c -o usdt_probe.o usdt_probe.c
gcc -O2 -arch x86_64   -c -o usdt_dof.o usdt_dof.c
gcc -O2 -arch x86_64   -c -o usdt_dof_sections.o usdt_dof_sections.c
rm -f libusdt.a
ar cru libusdt.a usdt.o usdt_dof_file.o usdt_tracepoints.o usdt_probe.o usdt_dof.o usdt_dof_sections.o
ranlib libusdt.a
  TOUCH Release/obj.target/libusdt.stamp
  CXX(target) Release/obj.target/DTraceProviderBindings/dtrace_provider.o
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:69:44: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> New(const v8::Arguments& args);
                                           ^~~~~~~~~~~~~
                                           v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:70:45: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> Fire(const v8::Arguments& args);
                                            ^~~~~~~~~~~~~
                                            v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:87:44: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> New(const v8::Arguments& args);
                                           ^~~~~~~~~~~~~
                                           v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:88:49: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> AddProbe(const v8::Arguments& args);
                                                ^~~~~~~~~~~~~
                                                v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:89:52: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> RemoveProbe(const v8::Arguments& args);
                                                   ^~~~~~~~~~~~~
                                                   v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:90:47: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> Enable(const v8::Arguments& args);
                                              ^~~~~~~~~~~~~
                                              v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:91:48: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> Disable(const v8::Arguments& args);
                                               ^~~~~~~~~~~~~
                                               v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:92:45: error: no type named 'Arguments' in namespace 'v8'; did you mean
      'v8::internal::Arguments'?
    static v8::Handle<v8::Value> Fire(const v8::Arguments& args);
                                            ^~~~~~~~~~~~~
                                            v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
      ^
../dtrace_provider.cc:23:17: error: calling a protected constructor of class 'v8::HandleScope'
    HandleScope scope;
                ^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:816:13: note: declared protected here
  V8_INLINE HandleScope() {}
            ^
../dtrace_provider.cc:25:55: error: cannot initialize a parameter of type 'v8::Isolate *' with an lvalue of type
      'v8::Handle<v8::Value> (const v8::internal::Arguments &)'
    Local<FunctionTemplate> t = FunctionTemplate::New(DTraceProvider::New);
                                                      ^~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:3456:16: note: passing argument to parameter 'isolate' here
      Isolate* isolate,
               ^
../dtrace_provider.cc:26:58: error: 'New' is a private member of 'v8::PersistentBase<v8::FunctionTemplate>'
    constructor_template = Persistent<FunctionTemplate>::New(t);
                                                         ^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:572:23: note: declared private here
  V8_INLINE static T* New(Isolate* isolate, T* that);
                      ^
../dtrace_provider.cc:26:28: error: too few arguments to function call, expected 2, have 1; did you mean
      'DTraceProbe::New'?
    constructor_template = Persistent<FunctionTemplate>::New(t);
                           ^~~~~~~~~~
                           DTraceProbe::New
../dtrace_provider.h:69:34: note: 'DTraceProbe::New' declared here
    static v8::Handle<v8::Value> New(const v8::Arguments& args);
                                 ^
../dtrace_provider.cc:27:25: error: member reference type 'Persistent<v8::FunctionTemplate>' is not a pointer; maybe
      you meant to use '.'?
    constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
    ~~~~~~~~~~~~~~~~~~~~^~
                        .
../dtrace_provider.cc:27:27: error: no member named 'InstanceTemplate' in 'v8::Persistent<v8::FunctionTemplate,
      v8::NonCopyablePersistentTraits<v8::FunctionTemplate> >'
    constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
    ~~~~~~~~~~~~~~~~~~~~  ^
../dtrace_provider.cc:28:25: error: member reference type 'Persistent<v8::FunctionTemplate>' is not a pointer; maybe
      you meant to use '.'?
    constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
    ~~~~~~~~~~~~~~~~~~~~^~
                        .
../dtrace_provider.cc:28:27: error: no member named 'SetClassName' in 'v8::Persistent<v8::FunctionTemplate,
      v8::NonCopyablePersistentTraits<v8::FunctionTemplate> >'
    constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
    ~~~~~~~~~~~~~~~~~~~~  ^
../dtrace_provider.cc:28:48: error: no member named 'NewSymbol' in 'v8::String'
    constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
                                       ~~~~~~~~^
../dtrace_provider.cc:30:31: error: no viable conversion from 'Persistent<v8::FunctionTemplate>' to
      'v8::Handle<v8::FunctionTemplate>'
    NODE_SET_PROTOTYPE_METHOD(constructor_template, "addProbe", DTraceProvider::AddProbe);
                              ^~~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:196:26: note: candidate constructor
      (the implicit copy constructor) not viable: no known conversion from 'Persistent<v8::FunctionTemplate>' to
      'const v8::Handle<v8::FunctionTemplate> &' for 1st argument
template <class T> class Handle {
                         ^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match
      'Handle' against 'Persistent'
  template <class S> V8_INLINE Handle(Handle<S> that)
                               ^
/Users/ag_dubs/.node-gyp/0.12.6/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handle<v8::FunctionTemplate> recv,
                                                                       ^
../dtrace_provider.cc:31:31: error: no viable conversion from 'Persistent<v8::FunctionTemplate>' to
      'v8::Handle<v8::FunctionTemplate>'
    NODE_SET_PROTOTYPE_METHOD(constructor_template, "removeProbe", DTraceProvider::RemoveProbe);
                              ^~~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:196:26: note: candidate constructor
      (the implicit copy constructor) not viable: no known conversion from 'Persistent<v8::FunctionTemplate>' to
      'const v8::Handle<v8::FunctionTemplate> &' for 1st argument
template <class T> class Handle {
                         ^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match
      'Handle' against 'Persistent'
  template <class S> V8_INLINE Handle(Handle<S> that)
                               ^
/Users/ag_dubs/.node-gyp/0.12.6/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handle<v8::FunctionTemplate> recv,
                                                                       ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Release/obj.target/DTraceProviderBindings/dtrace_provider.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/Users/ag_dubs/.nvm/versions/node/v0.12.6/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:269:23)
gyp ERR! stack     at ChildProcess.emit (events.js:110:17)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (child_process.js:1074:12)
gyp ERR! System Darwin 14.5.0
gyp ERR! command "node" "/Users/ag_dubs/.nvm/versions/node/v0.12.6/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/ag_dubs/Projects/login.webmaker.org/node_modules/messina/node_modules/bunyan/node_modules/dtrace-provider
gyp ERR! node -v v0.12.6
gyp ERR! node-gyp -v v2.0.1
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
-
> [email protected] install /Users/ag_dubs/Projects/login.webmaker.org/node_modules/sqlite3
> node-pre-gyp install --fallback-to-build

[sqlite3] Success: "/Users/ag_dubs/Projects/login.webmaker.org/node_modules/sqlite3/lib/binding/node-v14-darwin-x64/node_sqlite3.node" is installed via remote
npm WARN deprecated [email protected]: This project is abandoned

need to update sequelize, security vulnerability

npm WARN deprecated [email protected]: critical security fix in v3.0.0

Suggestions for string changes

"When you sign in, we will send you an email token to verify your identity, no password needed!"

"When you sign in, we will send you an key to verify your identity, no password needed!"

Or something like that. In the e-mail that the user receives it says "key".

/api/v2/user/create returns 500

caused by ee9e182

Login appears to be broken on events.wmo production

Browser: ALL
Screenshot:

Repro Steps:

Click “Login” on events.webmaker.org
Type email address into field
Click “Sign In”

Expected: key is emailed to me
Actual: no response. clicking “Sign In” appears to have no impact on the page

less-middleware and rtltr-for-less were PoC and got deleted

In a recent cleanout of my git account less-middleware ended up getting deleted. This was a temporary hacks for rtl / ltr localisation that we never ended up using in production anywhere. At least, that was the idea. Apparently login.wmo used it in production, so a bit of cleanup is needed here.

Problem with token passing

STR:

go to https://webmaker-firehose-staging.herokuapp.com/
type in [email protected]
get dialog box saying to check email
go to email, click on link in email: (https://webmaker-firehose-staging.herokuapp.com//?uid=daa4&token=tabil-jurog&validFor=one-year)
get this dialog:

So a) no way it can be true, as there was a 3 second delay between the two clicks
b) Seems wrong to me that the validity is specified in the query parameters. I would expect that to be stored serverside and keyed on the token. Also not sure why we're passing the uid through the query string.

/cc @cadecairos @jbuck @simonwex

bcrypt is breaking login.wmo on windows

bcrypt requires node-gyp, node-gyp requires an amazing VC++ stack, bottom line: brcypt can't install and login.wmo won't run without it.

Is there a quick path to success here?

Login keys are sometimes unusable

From email support:

When I click sign-up, I'm told my email has already been registered. When I used the "key" I was sent, I get a message saying that key is incorrect.

This could either be a UX issue or an issue with the key lookup.

Are we simplifying the keys before checking them against the DB? -- (e.g. trimming whitespace, removing inline whitespace, lower-casing, conflating "0" & "O")

This is a child of mozilla/id.webmaker.org#283

Implement Automated Testing

Implement testing framework
Pick two recent or open bugs
- Bug: ____
- Bug: ____
implement tests that validate fixes for two open bugs
Document how to add a new test
Set up project on TravisCI
Add Travis status Image to README
Add mofo-style linter
Ensure all tests are passing

MozillaFoundation/plan#351

Password reset emails not received

Hello,

I've been using Thimble with a group of 20 adult learners. A few of them couldn't log in, so they did the following:

Go to https://id.webmaker.org/reset-password/
Enter email used previously to sign up to Webmaker
The email check returns positive (so we know they typed in an email address that is linked to an existing Webmaker account)
Submit the form
After submitting the form the page says We've emailed you instructions for creating a new password. however no emails were received (not even in the spam folder).

I tested these steps myself (repeatedly) and got the same result: a new password reset request seems to be successfully created, yet I am not receiving any emails to reset my password.

Something to do with the email delivery system (SQS)?

Line 411 in a4021a7

hatchet.send("reset_code_created", {

Could you please look into this? Currently I have 4 students who are effectively locked out of their Webmaker account and can't access the Thimble projects they've worked on for 3 weeks.

Thanks!

cc @jbuck @cadecairos

Domain & Port is hard-coded for SSO server

https://github.com/mozilla/login.webmaker.org/blob/master/app/http/public/sso.js#L20

Migrate away from native bcrypt with Javascript bindings

We currently use a native version of bcrypt with Javascript bindings as our library of choice. This is problematic because this library lacks pre-built binaries, which forces node-gyp to fallback to manual compilation of the library. This causes issues when setting up login, especially if you don't have your environment setup right.

Let's switch over to something like: https://www.npmjs.com/package/bcryptjs, it's slower but it's written in Javascript entirely and removes the requirement to manually compile bcrypt.

Sign up broken on events.wmo

Browser: ALL
Screenshot:

Repro Steps:

Click “Join Webmaker”
enter email
click “Join”

Expected: Email recorded, time to set a url name
Actual: The modal to set url name appears, but with the error An unknown error occurred on the server. Try your request again. If the problem persists, get help.

(Can't reproduce on staging)

update deps, move to 0.12.6+

in order to move to 0.12.6 we'll need to update a bunch of stuff. see: https://travis-ci.org/mozilla/login.webmaker.org/jobs/69789303

Delete Account Pop-Up Appears Below Screen

STR:

Login to webmaker.org
Go to "My Settings"
Click "delete account"

Expected: Some sort of pop-up mid-screen
Actual: Pop-up appears below screen so you can't see it and don't notice it unless you scroll down.

sqlite and jshint are breaking the build

sqlite needs a C++ '11 compiler, and jshint doesn't work with the older version of the grunt plugin.
#379 fixes this.

New account email sent to non-email

Steps to reproduce

Go to https://teach.mozilla.org/
Click "Sign In"
Type some garbage into "Username" i.e. "zzzzkzkzjjzzkzjz" or "zjzjzjalkdjfajbc"
Focus the password field
You are redirected to the "Uh Oh, there isn't a password for this account" page
Hit "Continue"
See the following...

Seems like it's trying to tell me that it sent me an email, when all I provided was a username.

Document how to manipulate user properties

Need to document (or link to from readme) how to manipulate user properties in the database. e.g. isAdmin – great to know you have to flip that in the DB to allow users to be admins, and what privileges that gives them.

Add newrelic to this app

Restrict PostMessage to ALLOWED_ORIGINS configuration value.

https://github.com/mozilla/login.webmaker.org/blob/master/app/http/views/site/signin.ejs#L24

People aren't getting their login keys

Separating this from: #313 (comment) because I think there might be several issues going on here.

STR:

Go to webmaker.org create new account
DOESN'T ASK YOU FOR A KEY allowing you to make things you come to love and cherish
Log out of webmaker.org.
Try and sign-in to Webmaker again.
Don't receive the key OR the key doesn't work (not sure which one).
Be locked out and email requesting a new key [email protected].

People often forward me the email of the key with complaints like this:
"My Link Has Expired And Every Time I Had Tried To Enter My Key It Said It Was Wrong CAN YOU PLEASE HELP?"
" I'm sorry but I still did not manage to connect on the site. What is the solution that I can finally manage to connect? "
" I have not received my login for Mozilla Popcorn Maker and it won't let me go back and continue to edit the project without the 'key'. I have checked my spam folder and nothing has come through."
"The login key is not working. I tried for five minutes, but I didn't get the email for the key. Now I can't get into my account. Please help! I just don't get the e-mail for the key.
It says,"Uh Oh! Your login link expired. Request a new email to sign in." when I ry to log in using an expired password.In the first week or so it gives me the e-mail within five minutes or so, but later on I never get it."

cc. @cassiemc @cadecairos @ScottDowne @jbuck

Use ALLOWED_DOMAINS to restrict cross-domain requests

https://github.com/mozilla/login.webmaker.org/blob/master/app/http/controllers/application.js

Makes not deleting

Issue with makes deleting. via [email protected]

Here is the users issue:
I am having an issue with a webpage. I have erased all my makes but they keep showing up and this is interfering with my actual business. The page in question is https://homeworkmountain.makes.org/thimble/biology_
I already deleted the makes but they are continuing to show. These pages are being indexed by search engines and this is causing SEO issues with my site.

following readme instructions gives a DB error

following a $ npm install

Ashleys-MacBook-Pro:login.webmaker.org ag_dubs$ node app.js
db/index.js: DB setup error
 undefined Cannot read property 'database' of undefined
/Users/ag_dubs/Projects/login.webmaker.org/app/db/models/index.js:18
  var user = sequelize.import(__dirname + "/user.js");
                      ^
TypeError: Cannot read property 'import' of undefined
    at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/db/models/index.js:18:23)
    at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/db/index.js:21:45)
    at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/http/server.js:28:30)
    at Object.<anonymous> (/Users/ag_dubs/Projects/login.webmaker.org/app.js:7:32)

Verifying user passwords takes a significant amount of time because we use bcrypt

Verifying user passwords and storing them in a secure fashion is important, which is why we use bcrypt. But because we use bcrypt, verifying passwords is really slow when you start to do more than 5 req/s with our current 2 dyno setup.

Broken Link under the Bugs Section of README.md

The link https://bugzilla.mozilla.org/buglist.cgi?quicksearch=c%3Dlogin&list_id=6396195 (text: bugs we have now) is broken, needs to be fixed.

Update dependencies

Moment and sequelize in this project have known exploits, please update these dependencies

I don't understand this UI

Specifically the repetition of US-English

/cc @alicoding

update to express 4.x

Ensure that our code which grabs the server port is non-spoofable

Wrote some code which extracts the port (which is difficult due to them being stripped from the request) - need to check that this isn't spoofable.

(caveat - code isn't in the repo yet - will update when it is)

Overly aggressive field validation on Sign Up page

On the Sign Up page, fields are validated when they lose focus, even if nothing was typed in. This creates some awkward situations.

Steps to reproduce

Go to the sign up page
Specify a username
Click the password field
Change your username

The email field shows a big red error, even though I haven't even tried typing anything into it. Can we try to validate these only after someone has added content and show the errors for blank fields only when someone tries to submit the form?

Close issues down on this repo and add a link to id.webmaker.org

I think we should close issues down on this repo to prevent duplicate tickets/confusion.

Thoughts @simonwex @thisandagain @jbuck

mozilla / login.webmaker.org Goto Github PK

login.webmaker.org's Introduction

login.webmaker.org

Getting the Server Up and Running Locally

Tests

login.webmaker.org's People

Contributors

Stargazers

Watchers

Forkers

login.webmaker.org's Issues

Recommend Projects

Recommend Topics

Recommend Org