mozilla / login.webmaker.org Goto Github PK
View Code? Open in Web Editor NEWLogin service for Webmaker.org
Home Page: https://login.webmaker.org
License: Mozilla Public License 2.0
Login service for Webmaker.org
Home Page: https://login.webmaker.org
License: Mozilla Public License 2.0
If you have an account that doesn't have a password and you try to sign in, we attempt to send you an email to set a password but not before you see this strange page...
Some thoughts
The link https://bugzilla.mozilla.org/buglist.cgi?quicksearch=c%3Dlogin&list_id=6396195
(text: bugs we have now) is broken, needs to be fixed.
sqlite needs a C++ '11 compiler, and jshint doesn't work with the older version of the grunt plugin.
#379 fixes this.
Seems spotty -- happens for some accounts, but not others.
POST http://goggles.mofostaging.net/auth/v2/uid-exists 403 (Forbidden)
POST http://goggles.mofostaging.net/verify 403 (Forbidden)
webmakerLogin.js:1957 Uncaught TypeError: Uncaught, unspecified "error" event.
Moment and sequelize in this project have known exploits, please update these dependencies
Our emails encourage people to not set cookies. That's pretty guaranteed to lead to heart-ache.
We should highlight the "Sign in and keep me signed in" link over the other one.
following a $ npm install
Ashleys-MacBook-Pro:login.webmaker.org ag_dubs$ node app.js
db/index.js: DB setup error
undefined Cannot read property 'database' of undefined
/Users/ag_dubs/Projects/login.webmaker.org/app/db/models/index.js:18
var user = sequelize.import(__dirname + "/user.js");
^
TypeError: Cannot read property 'import' of undefined
at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/db/models/index.js:18:23)
at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/db/index.js:21:45)
at module.exports (/Users/ag_dubs/Projects/login.webmaker.org/app/http/server.js:28:30)
at Object.<anonymous> (/Users/ag_dubs/Projects/login.webmaker.org/app.js:7:32)
https://github.com/mozilla/login.webmaker.org/blob/master/app/http/views/js/sso-ux.ejs#L155 probably has no reason to exist.
Steps to reproduce
Seems like it's trying to tell me that it sent me an email, when all I provided was a username.
We need to send emails to users 3 days after they install and sign up to use Webmaker app.
@jbuck's advice was to use a worker process here, in login.webmaker.org, to wake up each day (or hour?) and send messages through hatchet to any 3-day-old users.
@HPaulJohnson and @KevZawacki will have content for the email which will be sent out through sawmill via webmaker-mailroom.
Update the minumum required version of Node.js in package.json
Wrote some code which extracts the port (which is difficult due to them being stripped from the request) - need to check that this isn't spoofable.
(caveat - code isn't in the repo yet - will update when it is)
Links should be to:
https://beta.webmaker.org/#/legal
https://www.mozilla.org/privacy/websites
I think we should close issues down on this repo to prevent duplicate tickets/confusion.
Thoughts @simonwex @thisandagain @jbuck
Issue with makes deleting. via [email protected]
Here is the users issue:
I am having an issue with a webpage. I have erased all my makes but they keep showing up and this is interfering with my actual business. The page in question is https://homeworkmountain.makes.org/thimble/biology_
I already deleted the makes but they are continuing to show. These pages are being indexed by search engines and this is causing SEO issues with my site.
If the mongoose
's connection to the MongoDB
fails, it should do as loudly as possible.
Mongoose error handling takes the form:
mongoose.connection.on("error", errorHandleCB);
Verifying user passwords and storing them in a secure fashion is important, which is why we use bcrypt. But because we use bcrypt, verifying passwords is really slow when you start to do more than 5 req/s with our current 2 dyno setup.
FYI: The following changes were made to this repository's wiki:
defacing spam has been removed
Restricting write access to contributors is strongly encouraged. Please make that change (documentation).
These were made as the result of a recent automated defacement of publically writeable wikis.
Separating this from: #313 (comment) because I think there might be several issues going on here.
STR:
People often forward me the email of the key with complaints like this:
"My Link Has Expired And Every Time I Had Tried To Enter My Key It Said It Was Wrong CAN YOU PLEASE HELP?"
" I'm sorry but I still did not manage to connect on the site. What is the solution that I can finally manage to connect? "
" I have not received my login for Mozilla Popcorn Maker and it won't let me go back and continue to edit the project without the 'key'. I have checked my spam folder and nothing has come through."
"The login key is not working. I tried for five minutes, but I didn't get the email for the key. Now I can't get into my account. Please help! I just don't get the e-mail for the key.
It says,"Uh Oh! Your login link expired. Request a new email to sign in." when I ry to log in using an expired password.In the first week or so it gives me the e-mail within five minutes or so, but later on I never get it."
There is a string that says:
"Invalid username. All usernames must be between 1-20 characters, and only include "-" and alphanumeric characters"
But in my language we dont say alphanumeric so its not so clear for me exactly what i can use.
Does it include "-" 0-9 a-z A-Z and nothing else ?
We currently use a native version of bcrypt with Javascript bindings as our library of choice. This is problematic because this library lacks pre-built binaries, which forces node-gyp
to fallback to manual compilation of the library. This causes issues when setting up login, especially if you don't have your environment setup right.
Let's switch over to something like: https://www.npmjs.com/package/bcryptjs, it's slower but it's written in Javascript entirely and removes the requirement to manually compile bcrypt.
in order to move to 0.12.6 we'll need to update a bunch of stuff. see: https://travis-ci.org/mozilla/login.webmaker.org/jobs/69789303
On the Sign Up page, fields are validated when they lose focus, even if nothing was typed in. This creates some awkward situations.
Steps to reproduce
The email field shows a big red error, even though I haven't even tried typing anything into it. Can we try to validate these only after someone has added content and show the errors for blank fields only when someone tries to submit the form?
The request 403's 👎
Using node 4.x is becoming a pain for Thimble contributors who are trying to setup Thimble manually since Thimble and all other services it relies on (except login.wm.org) can run on node 6.x. Running nvm is not possible on Windows and its alternatives are pretty terrible.
"When you sign in, we will send you an email token to verify your identity, no password needed!"
"When you sign in, we will send you an key to verify your identity, no password needed!"
Or something like that. In the e-mail that the user receives it says "key".
From email support:
When I click sign-up, I'm told my email has already been registered. When I used the "key" I was sent, I get a message saying that key is incorrect.
This could either be a UX issue or an issue with the key lookup.
Are we simplifying the keys before checking them against the DB? -- (e.g. trimming whitespace, removing inline whitespace, lower-casing, conflating "0" & "O")
This is a child of mozilla/id.webmaker.org#283
If i go to my profile sometimes on the top og the page it says "Want your own Webmaker profile?" and theres a button to sign up, but i already have an account, so maybe this should not be showned, at least not for users that are loggin in.
Hello,
I've been using Thimble with a group of 20 adult learners. A few of them couldn't log in, so they did the following:
I tested these steps myself (repeatedly) and got the same result: a new password reset request seems to be successfully created, yet I am not receiving any emails to reset my password.
Something to do with the email delivery system (SQS)?
login.webmaker.org/app/db/models/index.js
Line 411 in a4021a7
Could you please look into this? Currently I have 4 students who are effectively locked out of their Webmaker account and can't access the Thimble projects they've worked on for 3 weeks.
Thanks!
usdt.c:212:9: warning: implicit declaration of function 'usdt_dof_section_free' is invalid in C99
[-Wimplicit-function-declaration]
usdt_dof_section_free(&strtab);
^
usdt.c:238:9: warning: implicit declaration of function 'usdt_dof_file_free' is invalid in C99
[-Wimplicit-function-declaration]
usdt_dof_file_free(provider->file);
^
2 warnings generated.
gcc -O2 -arch x86_64 -c -o usdt_dof_file.o usdt_dof_file.c
gcc -arch x86_64 -o usdt_tracepoints.o -c usdt_tracepoints_x86_64.s
gcc -O2 -arch x86_64 -c -o usdt_probe.o usdt_probe.c
gcc -O2 -arch x86_64 -c -o usdt_dof.o usdt_dof.c
gcc -O2 -arch x86_64 -c -o usdt_dof_sections.o usdt_dof_sections.c
rm -f libusdt.a
ar cru libusdt.a usdt.o usdt_dof_file.o usdt_tracepoints.o usdt_probe.o usdt_dof.o usdt_dof_sections.o
ranlib libusdt.a
TOUCH Release/obj.target/libusdt.stamp
CXX(target) Release/obj.target/DTraceProviderBindings/dtrace_provider.o
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:69:44: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> New(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:70:45: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> Fire(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:87:44: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> New(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:88:49: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> AddProbe(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:89:52: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> RemoveProbe(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:90:47: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> Enable(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:91:48: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> Disable(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:92:45: error: no type named 'Arguments' in namespace 'v8'; did you mean
'v8::internal::Arguments'?
static v8::Handle<v8::Value> Fire(const v8::Arguments& args);
^~~~~~~~~~~~~
v8::internal::Arguments
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:127:7: note: 'v8::internal::Arguments' declared here
class Arguments;
^
../dtrace_provider.cc:23:17: error: calling a protected constructor of class 'v8::HandleScope'
HandleScope scope;
^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:816:13: note: declared protected here
V8_INLINE HandleScope() {}
^
../dtrace_provider.cc:25:55: error: cannot initialize a parameter of type 'v8::Isolate *' with an lvalue of type
'v8::Handle<v8::Value> (const v8::internal::Arguments &)'
Local<FunctionTemplate> t = FunctionTemplate::New(DTraceProvider::New);
^~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:3456:16: note: passing argument to parameter 'isolate' here
Isolate* isolate,
^
../dtrace_provider.cc:26:58: error: 'New' is a private member of 'v8::PersistentBase<v8::FunctionTemplate>'
constructor_template = Persistent<FunctionTemplate>::New(t);
^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:572:23: note: declared private here
V8_INLINE static T* New(Isolate* isolate, T* that);
^
../dtrace_provider.cc:26:28: error: too few arguments to function call, expected 2, have 1; did you mean
'DTraceProbe::New'?
constructor_template = Persistent<FunctionTemplate>::New(t);
^~~~~~~~~~
DTraceProbe::New
../dtrace_provider.h:69:34: note: 'DTraceProbe::New' declared here
static v8::Handle<v8::Value> New(const v8::Arguments& args);
^
../dtrace_provider.cc:27:25: error: member reference type 'Persistent<v8::FunctionTemplate>' is not a pointer; maybe
you meant to use '.'?
constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
~~~~~~~~~~~~~~~~~~~~^~
.
../dtrace_provider.cc:27:27: error: no member named 'InstanceTemplate' in 'v8::Persistent<v8::FunctionTemplate,
v8::NonCopyablePersistentTraits<v8::FunctionTemplate> >'
constructor_template->InstanceTemplate()->SetInternalFieldCount(1);
~~~~~~~~~~~~~~~~~~~~ ^
../dtrace_provider.cc:28:25: error: member reference type 'Persistent<v8::FunctionTemplate>' is not a pointer; maybe
you meant to use '.'?
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~~~~~~~~~~~~~^~
.
../dtrace_provider.cc:28:27: error: no member named 'SetClassName' in 'v8::Persistent<v8::FunctionTemplate,
v8::NonCopyablePersistentTraits<v8::FunctionTemplate> >'
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~~~~~~~~~~~~~ ^
../dtrace_provider.cc:28:48: error: no member named 'NewSymbol' in 'v8::String'
constructor_template->SetClassName(String::NewSymbol("DTraceProvider"));
~~~~~~~~^
../dtrace_provider.cc:30:31: error: no viable conversion from 'Persistent<v8::FunctionTemplate>' to
'v8::Handle<v8::FunctionTemplate>'
NODE_SET_PROTOTYPE_METHOD(constructor_template, "addProbe", DTraceProvider::AddProbe);
^~~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:196:26: note: candidate constructor
(the implicit copy constructor) not viable: no known conversion from 'Persistent<v8::FunctionTemplate>' to
'const v8::Handle<v8::FunctionTemplate> &' for 1st argument
template <class T> class Handle {
^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match
'Handle' against 'Persistent'
template <class S> V8_INLINE Handle(Handle<S> that)
^
/Users/ag_dubs/.node-gyp/0.12.6/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handle<v8::FunctionTemplate> recv,
^
../dtrace_provider.cc:31:31: error: no viable conversion from 'Persistent<v8::FunctionTemplate>' to
'v8::Handle<v8::FunctionTemplate>'
NODE_SET_PROTOTYPE_METHOD(constructor_template, "removeProbe", DTraceProvider::RemoveProbe);
^~~~~~~~~~~~~~~~~~~~
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:196:26: note: candidate constructor
(the implicit copy constructor) not viable: no known conversion from 'Persistent<v8::FunctionTemplate>' to
'const v8::Handle<v8::FunctionTemplate> &' for 1st argument
template <class T> class Handle {
^
/Users/ag_dubs/.node-gyp/0.12.6/deps/v8/include/v8.h:213:32: note: candidate template ignored: could not match
'Handle' against 'Persistent'
template <class S> V8_INLINE Handle(Handle<S> that)
^
/Users/ag_dubs/.node-gyp/0.12.6/src/node.h:244:72: note: passing argument to parameter 'recv' here
inline void NODE_SET_PROTOTYPE_METHOD(v8::Handle<v8::FunctionTemplate> recv,
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Release/obj.target/DTraceProviderBindings/dtrace_provider.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/Users/ag_dubs/.nvm/versions/node/v0.12.6/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:269:23)
gyp ERR! stack at ChildProcess.emit (events.js:110:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:1074:12)
gyp ERR! System Darwin 14.5.0
gyp ERR! command "node" "/Users/ag_dubs/.nvm/versions/node/v0.12.6/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/ag_dubs/Projects/login.webmaker.org/node_modules/messina/node_modules/bunyan/node_modules/dtrace-provider
gyp ERR! node -v v0.12.6
gyp ERR! node-gyp -v v2.0.1
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]
-
> [email protected] install /Users/ag_dubs/Projects/login.webmaker.org/node_modules/sqlite3
> node-pre-gyp install --fallback-to-build
[sqlite3] Success: "/Users/ag_dubs/Projects/login.webmaker.org/node_modules/sqlite3/lib/binding/node-v14-darwin-x64/node_sqlite3.node" is installed via remote
npm WARN deprecated [email protected]: This project is abandoned
bcrypt requires node-gyp, node-gyp requires an amazing VC++ stack, bottom line: brcypt can't install and login.wmo won't run without it.
Is there a quick path to success here?
caused by ee9e182
npm WARN deprecated [email protected]: critical security fix in v3.0.0
In a recent cleanout of my git account less-middleware
ended up getting deleted. This was a temporary hacks for rtl / ltr localisation that we never ended up using in production anywhere. At least, that was the idea. Apparently login.wmo used it in production, so a bit of cleanup is needed here.
Hey!
Over the past week or so we've had a few issues about people having problems with the key. Things like "The login key is not working. I tried for five minutes, but I didn't get the email for the key. Now I can't get into my account."
No report of error messages so it might be user error but though I'd file it here just in case.
STR:
So a) no way it can be true, as there was a 3 second delay between the two clicks
b) Seems wrong to me that the validity is specified in the query parameters. I would expect that to be stored serverside and keyed on the token. Also not sure why we're passing the uid through the query string.
Need to document (or link to from readme) how to manipulate user properties in the database. e.g. isAdmin
– great to know you have to flip that in the DB to allow users to be admins, and what privileges that gives them.
Repro Steps:
Expected: Email recorded, time to set a url name
Actual: The modal to set url name appears, but with the error An unknown error occurred on the server. Try your request again. If the problem persists, get help.
(Can't reproduce on staging)
User emailed saying hyperlink in "Settings" to delete account is not working. I just tested it with my own account and also cannot delete it.
From mozilla/id.webmaker.org#109
Need a method to indicate that sawmill should render a migration token email VS regular token login email for migrating users on id.webmaker.org.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.