steemit / faucet
Steemit Account Creation Web Application
License: MIT License
We need a health check for the AWS ALB. It should be served on /.well-known/healthcheck.json and respond with {"ok": true, "date": "2017-12-27T13:13:09.373Z"} or similar.
Calls to conveyor have not been working for 3 days and are breaking the steps in the signup flow. Has something changed? We are currently using salut on localhost + https://conveyor.steemitdev.com. Here is the error from steem-js:
RPCError: Unauthorized: Verification failed (Invalid signature)
Using the last login / password provided by @bonustrack for the conveyor calls, I get this error:
Error: Checksums do not match
when I call the conveyor.is_email_registered endpoint on the check email step, for instance.
Nothing changed in the code; it's the error I have had since this morning.
The STEEMJS_URL is configured to use: https://api.steemit.com
With complete details:
Error: Checksums do not match
at Object.toBits (D:\Dev\Projects\Steemit\faucet\node_modules\@steemit\libcrypto\lib\crypto.js:3166:13)
at Object.deserializePrivateKey (D:\Dev\Projects\Steemit\faucet\node_modules\@steemit\libcrypto\lib\crypto.js:3387:42)
at Function.PrivateKey.from (D:\Dev\Projects\Steemit\faucet\node_modules\@steemit\libcrypto\lib\crypto.js:3463:26)
at sign (D:\Dev\Projects\Steemit\faucet\node_modules\@steemit\rpc-auth\lib\index.js:114:42)
at Steem.signedCall (D:\Dev\Projects\Steemit\faucet\node_modules\@steemit\steem-js\lib\api\index.js:215:45)
at Steem.signedCall (internal/util.js:227:26)
IPs originating from China should not require captcha verification.
Refs #109
App config should not be baked into the bundle. Serve it in the template as window.config or something.
Currently we are set up to only run the node tests; the circle test runner should build the docker image (which includes running the tests).
Docker build fails with:
Step 7/8 : RUN yarn run test
---> Running in 96e29a120072
yarn run v1.3.2
$ yarn run lint && nsp check --output summary
$ eslint "src/**/*.js" "routes/**/*.js" "helpers/**/*.js"
/bin/sh: eslint: not found
error Command failed with exit code 127.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
The command '/bin/sh -c yarn run test' returned a non-zero code: 1
When NODE_ENV=production, eslint is not an installed node_module so it's not available. The yarn run test needs to still succeed after installing in production mode.
I believe the fix will need to happen here: https://github.com/steemit/faucet/blob/master/webpack/makeConfig.js
Client should use same rpc node as configured for backend
We need to support signups from China, the GFW blocks the google captcha we use. Our options are:
Both 2. and 3. are gameable by a determined attacker (Chinese VPN, train an ANN on an easily generated dataset).
I'm in favour of 3. since it provides some level of protection and we will not be relying on a third party.
To avoid concurrent requests to api/create_account we should set the user status to pending_creation in the database at the beginning of the request. We should return an error if the user sends a request and already has a status of pending_creation. If the account creation fails we can set the user back to the approved status so they can start the account creation process again.
Related to #155
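The pending_creation guard described above, as an added example (not the faucet project's own code). It assumes the statuses approved, pending_creation and created, and an in-memory store standing in for the users table; with a real database the claim step must be a single conditional UPDATE ... WHERE status = 'approved', otherwise two requests can both read approved before either writes.

```javascript
// Added example (not the faucet project's own code): guard api/create_account
// against concurrent requests for one user with the status transition
// approved -> pending_creation -> created, reverting to approved on failure.
// Assumption: an in-memory store stands in for the users table; with a real
// database the claim must be one conditional UPDATE ... WHERE status =
// 'approved' so two requests cannot both read 'approved' before either writes.
class UserStore {
  constructor() { this.users = new Map(); }
  add(id, status) { this.users.set(id, { status }); }
  get(id) { return this.users.get(id); }
  // Compare-and-set: succeeds only if the current status equals `from`.
  transition(id, from, to) {
    const user = this.users.get(id);
    if (!user || user.status !== from) return false;
    user.status = to;
    return true;
  }
}

// createOnChain stands in for the blockchain account-creation call.
async function createAccount(store, userId, createOnChain) {
  if (!store.transition(userId, 'approved', 'pending_creation')) {
    const user = store.get(userId);
    const inProgress = user && user.status === 'pending_creation';
    return { ok: false, error: inProgress ? 'error_account_creation_in_progress' : 'error_user_not_approved' };
  }
  try {
    await createOnChain(userId);
    store.transition(userId, 'pending_creation', 'created');
    return { ok: true };
  } catch (err) {
    // Release the pending state so the user can retry the creation step.
    store.transition(userId, 'pending_creation', 'approved');
    return { ok: false, error: 'error_api_create_account' };
  }
}

// Two concurrent requests for the same user: exactly one may reach the chain.
async function demoConcurrent() {
  const store = new UserStore();
  store.add('alice', 'approved');
  let chainCalls = 0;
  const slowCreate = () => new Promise((resolve) => { chainCalls += 1; setTimeout(resolve, 10); });
  const results = await Promise.all([
    createAccount(store, 'alice', slowCreate),
    createAccount(store, 'alice', slowCreate),
  ]);
  return { results, chainCalls, finalStatus: store.get('alice').status };
}
```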
Going through the process the last step fails with:
{"error":"error_api_create_account","detail":{"cause":{},"isOperational":true}}
Logs empty
Condenser supports autofill in the login form, we should use that when redirecting:
https://steemit.com/login.html#account=billbonds
And we also need the ability to pass along identifiers that are carried along through the process and sent to the DEFAULT_REDIRECT_URI.
Spec: placeholders take the form {{variable_name}}. username is special: it is populated by the newly created username and is not overridable by first-step query strings.
Example: With DEFAULT_REDIRECT_URI set to https://example.com/{{username}}?foo={{bar}}, an initial entry point to step1 with ?bar=man, and new username baz, the redirect url should resolve to: https://example.com/baz?foo=man
Tests (DEFAULT_REDIRECT_URI, new username, first-step query string -> expected redirect url):
1. DEFAULT_REDIRECT_URI="http://localhost:1234/{{username}}/foo?u={{username}}&id={{id}}", username monika, query ?id=1234 -> http://localhost:1234/monika/foo?u=monika&id=1234
2. DEFAULT_REDIRECT_URI="https://example.com", username monika, query ?id=1234 -> https://example.com
3. DEFAULT_REDIRECT_URI="https://example.com#{{username}}", username monika, query ?username=hax -> https://example.com#monika
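A resolver for the DEFAULT_REDIRECT_URI template that satisfies the spec and the three test cases above, as an added example (not the faucet project's own code). It assumes that a placeholder with no matching query parameter resolves to an empty string, and that every substituted value is percent-encoded so a caller-supplied identifier cannot inject extra path segments or query parameters into the redirect.

```javascript
// Added example (not the faucet project's own code): resolve a
// DEFAULT_REDIRECT_URI template per the spec and tests above.
// Assumptions: placeholders with no matching query parameter resolve to an
// empty string, and every substituted value is percent-encoded so a
// caller-supplied identifier cannot inject extra path segments or parameters.
const PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/g;

// Parse the first-step query string ("?id=1234&bar=man") into a
// prototype-less object so keys like "constructor" cannot hit Object.prototype.
function parseQuery(queryString) {
  const params = Object.create(null);
  const raw = queryString.startsWith('?') ? queryString.slice(1) : queryString;
  for (const pair of raw.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(value.replace(/\+/g, ' '));
  }
  return params;
}

function resolveRedirectUri(template, username, queryString) {
  const params = parseQuery(queryString || '');
  return template.replace(PLACEHOLDER, (_, name) => {
    // `username` always comes from the created account, never from the query.
    const value = name === 'username' ? username : (name in params ? params[name] : '');
    return encodeURIComponent(value);
  });
}
```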
Faucet translation keys should be translated in additional languages
In check_username I'm intermittently getting timeouts; logs show:
UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 17): SequelizeDatabaseError: Table 'faucet.users' doesn't exist
Might be a configuration error as we just got this setup but we should never time out, return 500 on all unexpected errors.
After submitting email on step 2 the button spins forever and console shows:
Both RECAPTCHA_CLIENT_ID and RECAPTCHA_SECRET are set.
[Error] Error: Missing required parameters: sitekey
Gq (recaptcha__en.js:365:337)
jr (recaptcha__en.js:375:467)
xr (recaptcha__en.js:381:205)
explicitRender (app.min.js:94:625)
componentDidMount (app.min.js:94:1089)
notifyAll (app.min.js:64:25902)
close (app.min.js:93:12948)
closeAll (app.min.js:32:12042)
perform (app.min.js:32:11535)
perform (app.min.js:32:11448)
C (app.min.js:23:26591)
C
closeAll (app.min.js:32:12042)
perform (app.min.js:32:11535)
dispatchEvent (app.min.js:93:8636)
dispatchEvent
[Error] Error: Missing required parameters: sitekey
Gq (recaptcha__en.js:365:337)
jr (recaptcha__en.js:375:467)
xr (recaptcha__en.js:381:205)
explicitRender (app.min.js:94:625)
componentDidUpdate (app.min.js:94:1154)
(anonymous function)
notifyAll (app.min.js:64:25902)
close (app.min.js:93:12948)
closeAll (app.min.js:32:12042)
perform (app.min.js:32:11535)
perform (app.min.js:32:11448)
C (app.min.js:23:26591)
C
closeAll (app.min.js:32:12042)
perform (app.min.js:32:11535)
dispatchEvent (app.min.js:93:8636)
dispatchEvent
[Error] Error: Invalid ReCAPTCHA client id: undefined
rethrowCaughtError (app.min.js:39:12352)
processEventQueue (app.min.js:31:21548)
r (app.min.js:93:7245)
handleTopLevel (app.min.js:93:7330)
o (app.min.js:93:7774)
perform (app.min.js:32:11448)
dispatchEvent (app.min.js:93:8636)
dispatchEvent
Unless we explicitly need them here we should move that list and check to gatekeeper so we don't unintentionally include an update & introduce un-audited code.
Currently all api handlers are async and wrapped in try/catch, a better solution would be to create an async wrapper that returns unexpected errors as 500 or using something like https://github.com/spatools/express-async-router
Refs #135
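One way to implement the async wrapper proposed above (and the "return 500 on all unexpected errors" point from the check_username issue), as an added example that is not the faucet project's own code. It assumes an Express-style (req, res, next) handler signature; the response object used in the demo is a constructed stand-in, not Express.

```javascript
// Added example (not the faucet project's own code): an async wrapper that
// turns a handler's rejection into an HTTP response instead of an unhandled
// promise rejection and a request that hangs until the client times out.
// Assumptions: an Express-style (req, res, next) handler signature; the
// response object used in the demo is a constructed stand-in, not Express.
class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

function asyncHandler(handler) {
  return async function wrapped(req, res, next) {
    try {
      await handler(req, res, next);
    } catch (err) {
      if (err instanceof HttpError) {
        // Expected, operational error: report its status and stable code.
        res.status(err.status).json({ error: err.message });
        return;
      }
      // Anything else is a bug: log it server-side and send a generic 500
      // without leaking the internal message or stack to the client.
      console.error('unexpected error in handler:', err);
      res.status(500).json({ error: 'error_internal' });
    }
  };
}

// Constructed stand-in for an Express response object (records what was sent).
function fakeResponse() {
  return {
    statusCode: 200, body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

async function runHandler(handler, req) {
  const res = fakeResponse();
  await asyncHandler(handler)(req, res, () => {});
  return res;
}

// Handlers mirroring the check_username failure above and an input error.
const dbBroken = async () => { throw new Error("Table 'faucet.users' doesn't exist"); };
const checkUsername = async (req, res) => {
  if (!req.query.username) throw new HttpError(400, 'error_username_required');
  res.status(200).json({ ok: true });
};
```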
We have both false positives and false negatives in our local validator. We should remove the local validator and just do a basic check that it looks like a phone number, then let Twilio do the validation for us. They return code 21614 or 21211 for invalid numbers.
API endpoints are all GET requests, we should be using POST to send data
Possible provider: http://www.yinxiangma.com (bad omen them not serving their site over https...)
Anyone know of other captcha solutions that work in China?
Should also use --frozen-lockfile to ensure we only use dependencies from the checked-in yarn.lock.
On the blocktrade's steem account creator, we block the creation of names similar to the names of existing services such as bittrex, poloniex, blocktrades, etc (e.g bitttrex, bloktrades). It'd be nice if the steemit faucet did the same: it might discourage casual creation of such names if there was a cost associated with their creation.
We should add Chinese translations to the signup process as well
Files are in: src/locales
Need instructions on how to init the database, or even better would be if the app handles that automagically when run.
We should remove any dependency in package.json that is not used
Also anything that is not needed by the server runtime should be in devDependencies (react, babel, webpack, nodemon etc)
https://github.com/steemit/faucet/blob/master/routes/api.js#L261
https://github.com/steemit/faucet/blob/master/routes/api.js#L419
link should be create_account not create-account
package.json name says sc2-signup, should be faucet, private should also be set to true
It seems to be a common issue that users forget their username. Currently on step 2 we are showing the username when they complete the signup with a message: "Welcome @username". But once the user closes the page they don't have access to it anymore. It would be better if we could send them an email saying "Welcome @username, your account has been successfully created..." so their username is saved somewhere in their mails and they can get this info back more easily if they forget it.
Was able to create an account without verifying email address, is this intentional? Phone verification was required and worked
and write the tests, also :)
some possible test scenarios:
Our logging system does not support ansi escape codes for colours, need to be able to disable it for more readable logs.
#033[0mGET /api/check_username?username=dooonnkkk&email= #033[0m- #033[0m- ms - -#033[0m
As a visitor to signup.steemit.com, I expect the steemit logo to show up somewhere so I trust the site, even if I don't supply the ref=steemit query string.
We need to switch from MailGun to SendGrid for sending email. SendGrid add-on is already activated on Heroku.
Instead of reading process.env['VAR'] everywhere we should rely on a central config
Faucet's generated passwords do not follow the P5-prefixed "master password" convention condenser has. This is bad since we use that prefix to detect if users accidentally post their passwords and save them from shooting themselves in the foot.
We need to verify that the username is valid on the server side before inserting the user into the db, using validateAccountName.
Line 16 in 40c545f
Until we replace the account recovery endpoints in condenser we need to forward data to the old db so that the recovery support can use the exiting tooling.
We are setting up an endpoint in condenser at /create_user that faucet needs to hit after creating a new account with the params:
name - account name
email - verified email
owner_key - public owner key of the new account
secret - creation password, will be set in service config
To make signup smoother on mobile we should use the correct input types for all fields; also, all autocorrecting features should be disabled for the username field:
autocomplete="off" autocorrect="off" autocapitalize="off" type="text" spellcheck="false"
Currently users only receive email in English; we should work out internationalisation for the email templates. The user's language should be stored in the db so we can send them email in their language.
@sneak , input on this? it's being used server-side not client-side
In the faucet locales script, it says: Account name should contain only letters, digits, and dashes. Periods are allowed as well. Is excluding periods done on purpose or a limitation of the faucet application, or is it just missing information from the string?
Line 65 in e6c62c9