
blip's Introduction

Blip


Blip is a web app for type 1 diabetes (T1D) built on top of the Tidepool platform. It allows patients and their "care team" (family, doctors) to visualize their diabetes device data (from insulin pumps, BGMs, and/or CGMs) and message each other.

This README is focused on just the details of getting blip running locally. For more detailed information aimed at those working on the development of blip, please see the developer guide.



Install

Requirements:

Note for Mac users: we suggest first uninstalling any old version of Yarn installed via Homebrew.

Clone this repo from GitHub, then install the dependencies:

After cloning this repository to your local machine, first make sure that you have node 20.x and yarn 3.6.4 or higher installed. If you have a different major version of node installed, consider using nvm to manage and switch between multiple node (& npm/yarn) installations.

Once your environment is set up with node 20.x and yarn 3.6.4 or higher, install the dependencies with Yarn:

$ yarn install

Running locally

While blip can be run locally using a local kubernetes deployment similar to our remote environments (see tidepool-org/development), it's recommended that you run it locally with the built-in webpack dev server and point it at one of our remote environments.

To do this, copy config/local.example.js to config/local.js and update as needed:

Uncomment any linkedPackages as desired to link them for local development.

These will be resolved as aliases in the webpack config. Note that you will need to ensure that the packages are installed (via yarn install) in each respective folder.

It's recommended to use the yarn startLocal script to run the app, as it will automatically start the webpack development server for the viz repo when needed.

You may add other modules to this list as well.

$ yarn startLocal

Open your web browser and navigate to http://localhost:3000/.

Redux dev tools

Blip includes several Redux developer tools: the original time-travel dev tools UI, a console action logger, and a mutation tracker for catching mutations to the state tree (which should be immutable). The last of these in particular is a performance killer (though none of them could even be said to have a negligible effect on performance). By default when running for local development with npm start (which means NODE_ENV is development), the DEV_TOOLS flag will be true, and all of these dev tools will be active. Because they affect performance profoundly, this may not always be desirable. To turn off the dev tools in development, kill the Webpack dev server (i.e., the npm start process), run export DEV_TOOLS=false, then start up blip again with npm start.

NB: Due to differences in the development versus production builds of React itself (most notably PropTypes validation), performance of the app whenever NODE_ENV is development will never be as good as it is in the production build under a NODE_ENV of production. If you're concerned about the performance of a particular feature, the only way to test with good fidelity is with the production build, which you can do locally according to these instructions below.

Debugging

The app uses the bows library to log debugging messages to the browser's console. It is disabled by default (which makes it production-friendly). To see the messages type localStorage.debug = true in the browser console and refresh the page. Create a logger for a particular app module by giving it a name, such as:

// bows is loaded via require (or a script tag) in the page; `app` is the
// module namespace object the logger is attached to.
var bows = require('bows');
var app = app || {};

app.foo = {
  log: bows('Foo'),        // logger named 'Foo'; output appears once localStorage.debug is set
  bar: function() {
    this.log('Walked into a bar');
  }
};

Running the tests

We use Mocha with Chai for our test framework inside Karma as our test runner, as well as Sinon.JS and Sinon-Chai for spies and stubs. Our tests currently run on headless Chrome.

To run the unit tests, use:

$ yarn test

To run the unit tests in watch mode, use:

$ yarn run test-watch

Testing the production build locally

You can also build everything at once locally to test the production build by simply running:

$ yarn build
$ yarn server

Storybook

To run storybook, use:

$ yarn storybook

Stylelint

To run stylelint, use:

$ npm run lint:css


blip's Issues

User able to change email with no verification - potential lockout risk with no reset option

Severity - (Medium)
Weakness - Violation of Secure Design Principles

Description
User is able to navigate to account settings and change email to any email in a proper email format (i.e. [email protected]). After clicking 'Save' and submitting the form, this email is now saved as their account email. Subsequently, there is no additional email verification needed, unlike when a User signs up. This introduces a potential risk to the user in that they may be locked out of their account with no way to reset their password if the 'new' email is entered incorrectly. Based on the current design, the 'updateUser' function called on submit here: https://github.com/tidepool-org/blip/blob/develop/app/redux/actions/async.js does not include any verification for any updates. At minimum, there should be a verification step when changing email.

Steps To Reproduce:-

  1. Create a valid account
  2. Login to this account
  3. Navigate to 'Account Settings' by hitting top right button
  4. Change email to any validly formatted email
  5. Click 'Save' to submit
  6. Logout
  7. Try to log in - only the new 'unverified' email will work

Example

  • Original email - gmail.com used (screenshot)
  • Saved email that is a 'typo' - gmail.cb is not a valid email host (screenshot)
  • Logging in with original email does not work (screenshot)
  • Logging in with this 'typo' email does - with no verification step (screenshot)

Paths are not OS independent

Here is the output before+after hitting port 3000 on Windows:

Connect server started on port 3000
[gulp] Error in plugin 'gulp-less': '../../../bower_components/tideline/css/tideline.less' wasn't found in file E:\Projects\blip\app\core\less\tideline.less line no. 19
    at E:\Projects\blip\node_modules\gulp-less\index.js:46:28
    at E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\index.js:23:26
    at Object.finish [as _finish] (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\parser.js:666:28)
    at Object.subFinish [as _finish] (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\import-visitor.js:84:47)
    at Object.subFinish [as _finish] (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\import-visitor.js:84:47)
    at subFinish (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\import-visitor.js:84:47)
    at E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\import-visitor.js:101:25
    at fileParsedFunc (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\parser.js:82:17)
    at E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\parser.js:89:29
    at tryPathIndex (E:\Projects\blip\node_modules\gulp-less\node_modules\less\lib\less\index.js:235:21)
Error: module "../../bower_components/tideline/plugins/data/preprocess" not found from "E:\\Projects\\blip\\app\\core\\tideline.js"
    at notFound (E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\index.js:782:15)
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\index.js:733:23
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\browser-resolve\index.js:185:24
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:36:22
    at load (E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:54:43)
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:60:22
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:16:47
    at Object.oncomplete (fs.js:107:15)
Error: module "../../bower_components/tidepool-platform-client/tidepool" not found from "E:\\Projects\\blip\\app\\core\\tidepool.js"
    at notFound (E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\index.js:782:15)
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\index.js:733:23
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\browser-resolve\index.js:185:24
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:36:22
    at load (E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:54:43)
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:60:22
    at E:\Projects\blip\node_modules\gulp-browserify\node_modules\browserify\node_modules\resolve\lib\async.js:16:47
    at Object.oncomplete (fs.js:107:15)

EDIT0: I am preparing a pull request with path.normalize. http://nodejs.org/api/path.html
EDIT1: Looks more extensive than I thought. Might prepare a sed script when I get the chance. Won't have the chance for at least 3 days.

Define colors for notification states (success, alert, error)

Three states:

  • alert (orange)
  • error (red)
  • success (green)

For each state, two ways to display:

  • text only: on white or gray background (ex: "Wrong username or password" under the login button) -> 1 color (text)
  • in colored box: with a light border and the text inside (ex: application error creates a notification on the top of the screen) -> 3 colors (background, text, border)

So in total would need 3*4=12 (I think that's right?) colors, but some could be the same (ex: same "dark red" for error text whether it's in a colored box or not, or white text for all colored boxes...).

@skrugman do you mind sending the HEX codes you'd like for these? Thanks!

left/right day movement arrows change position

(@jebeck moved from tideline #38)

We can see from these screen shots that the left/right day movement arrows are changing position (this is actually even worse because the right one is being pushed down onto another line). But even when the text doesn't fill up to the point of causing a new line, the arrows are moving.

Why don't I like the arrows moving? Well, I was clicking on the left arrow to move back through some data. And all of a sudden, my clicks stopped doing anything. I was like, "wtf?" I have a trackball and I wasn't touching the ball, so the cursor shouldn't have moved. I looked up to find out that the arrow had shifted. Ok, maybe I bumped the trackball and moved it. So I go up and click on the arrow again and, bam, the arrow moved to the right of my cursor. I believe that I should be able to just leave the cursor there and click and have it work.


Validation mail not arriving

Hi, after installing a local copy through the run servers on osx (which worked great), I can sign up for an account on blip, but a validation mail fails to arrive. The server.log states this:

2015/02/08 00:38:44 Issue sending email: Status [403] Message [

Sender
InvalidClientTokenId
The security token included in the request is invalid

74771efc-af22-11e4-ac4d-39b074d1f64e

]
2015/02/08 00:38:44 resendSignUp: Something happened trying to resend a signup email

How can I fix this to get a local stack running?

Manual upload?

Hi there!

I currently use a Freestyle Libre and am looking to upload data to Blip. Is there a way to manually upload a CSV if I conform it to a specific format?

Thanks!

Only works in Google Chrome

Hi. The 90s called, and they want their "Only works in Netscape" error page back.

What about Windows 10 S where only the Microsoft Edge browser is available? What about iOS with Safari only? Or Nintendo Wii U or Xbox One? On these platforms you can't install another browser. I personally prefer Firefox and have no intention of installing Chrome or another browser.

There should at least be a way to say "I understand that you guys don't bother testing in other browsers, now let me proceed anyway."

Diagnosis year is not precise enough

"Should have month and year of Dx here, year only is too coarse for little kids" @HowardLook

The simplest would be to switch to a date field (like date of birth above it). I guess if users don't really remember the day they could just put the first day of the month? Would that work?


Support for ADA recommended Ambulatory Glucose Profile (AGP) report

Per the 2020 ADA Standard of Medical Care in Diabetes the AGP report should be a standard printout. I just compared Tidepool's report with the AGP report presented in this video and

6.4 Standardized, single-page glucose reports with visual cues such as the Ambulatory Glucose Profile (AGP) should be considered as a standard printout for all CGM devices. E

Note the sample report in the abridged standard is missing a lot of information, but the one in the video has a nice set of daily charts below the graph that would be great on the "Trends" page.

Finding the upload page again is hard

It took me a while to figure out that I could click on my username to get back to my profile and the upload data button. As long as the eventual plan is still to have the upload button available in the header as well, I think this problem will fix itself :)

React warnings re: API and usage changes (required action for future React upgrades)

When running in 'Quick Start' mode there are currently React warnings in the dev console. To eliminate the warnings some code changes are required. These changes will need to be made to support upgrades to React >= 0.13 as well.

  • React.PropTypes.component is now React.PropTypes.element
  • React.PropTypes.renderable is now React.PropTypes.node
  • 'transferPropsTo' is deprecated

Warning: React.PropTypes.component will be deprecated in a future version. Use React.PropTypes.element instead.
Warning: React.PropTypes.renderable will be deprecated in a future version. Use React.PropTypes.node instead.
Warning: transferPropsTo is deprecated. See http://fb.me/react-transferpropsto for more information.
Warning: Invalid prop `patientsComponent` supplied to `Invitation`, expected a ReactElement. Check the render method of `Patients`.

More info:
https://facebook.github.io/react/blog/2014/10/28/react-v0.12.html

Local installation of tidepool not working - tilt error

Hello,

I am following the instructions for local deployment described in the development repo but I am receiving the error below. I am posting the issue in this repo because neither the development repo nor the platform repo allows creating one.

My environment

MacOS: v10.15.3
kubectl: v1.17.4
helm: v3.0.2
tilt: v0.11.0

Steps to reproduce

- export KUBECONFIG="$HOME/.kube/config"

- export TIDEPOOL_DOCKER_MONGO_VOLUME="~/MyMongoData"

- bin/tidepool server-start

- bin/tidepool server-set-config

- bin/tidepool start

Error

Error: command ["sh" "-c" "helm template /Users/danielk/Code/GitHub/suppenburger/tidepool-development/charts/tidepool --namespace default --set "global.secret.templated=true" -s
charts/shoreline/charts/mailchimp/templates/mailchimp-secret.yaml -f ./Tiltconfig.yaml -g | kubectl --namespace=default apply --validate=0 --force -f -"] failed.
error: exit status 1


Kindly let me know what I can do to solve this issue.

Thank you
Daniel

npm test failing

I recently forked the repository to review the application and all tests are currently failing on master.

$ node -v
v0.12.2
$ npm -v
2.8.4
$ npm test

> [email protected] test /blip
> jest

Using Jest CLI v0.4.0
 FAIL  app/components/messages/__tests__/message-test.js
Error: Worker process exited before responding! exit code: null, exit signal: SIGSEGV
stderr:

A worker process has quit unexpectedly! This is bad news, shutting down now!
npm ERR! Test failed.  See above for more details.

It appears to be an outstanding issue with Jest / React / Node v.12 (due to an issue with JSDOM).

However I noticed the docs state: "We use Mocha with Chai for the test framework, Sinon.JS and Sinon-Chai for spy, stubs." (No mention of Jest).

Are you using Node v0.10? Should I be running the tests in another manner?

Patient Data

The term "Patient" is used throughout the blip experience (e.g. "patient data", "patient profile"). Many people - employees and potential users - have indicated that they prefer not to be referred to as "patients," "disabled," etc. And many companies (i.e. Sanofi) have corporate policies of not referring to people with diabetes as "patients". Should we update the wording we use?

translation webapp

Is it possible to have a file to translate the webapp into the desired language? thanks Matteo

Use platform-client to talk to backend API

@jh-bate @cheddar I'm opening this so we can discuss a bit before I do anything. Context:

The idea is to use platform-client for these new features around Care Teams, as well as for the existing features (signup, profile, account etc.). This could be done gradually.

Questions:

  • @cheddar Are you ok with this idea? What I'm not sure about is all the logic around device data post-processing (using RxJS). Would you like that to be ported over to platform-client? Or should it stay in Blip? Any other comments/suggestions?
  • @jh-bate As discussed, will need to send PRs to platform-client to adapt a couple things.

This could be done gradually; for instance, both code bases could co-exist in Blip for a while, using platform-client for the new features around Care Teams, and slowly porting the other features out of Blip's own tidepoolplatform.js.

I also want to use core/api.js to wrap both of these "talking to backend API" libraries. This will make it easy for them to co-exist, and will also make it easy for me to put any Blip-specific logic in there, and keep platform-client low-level.

Thoughts welcome :)

Auto-complete hashtags when entering blip notes

The Android blip notes app provides a list of currently used hashtags, which makes it easy to re-use existing tags (without worrying about differences due to poor spelling, underscores vs. capitals, etc.). The web UI doesn't have a corresponding feature.

As a user, I want to be able to use the same set of hashtags in the Blip Notes text area in Chrome that are listed in the Android app, without memorizing the tags.

One way to help with this would be through simple auto-completion of the tags when the user types a '#' character. I've attached a rough mock-up to help explain the idea. (There are issues with the mockup, but I think it helps convey the idea more effectively than text alone. It is not meant to be a design specification, just a visual aid. For one, I think the pop-up should include the '#' character, prefixing each option, for another, the colors are incorrect.)

(mock-up image)

This mock-up works in essentially the same way as referencing git issues from within github text fields. It does not restrict what you can enter, but it does provide guidance to prevent errors.

I suspect this will depend on an API addition to one of the services, but I'm not yet sure which service would have access to the set of hashtags a user has used, so I haven't created a corresponding back-end ticket.
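An added example, not code from the blip project or this issue's author, of the matching logic such a pop-up would need: it finds the '#word' under the cursor, compares it against the known tags case-insensitively and ignoring underscores and hyphens (the spelling variations the issue mentions), and ranks by how often each tag was used. The tag list, its {tag, count} shape and the function names are assumptions for this example.

```javascript
'use strict';

// Normalises a tag the way the matching does: case-insensitive, underscores and
// hyphens ignored, so "#Low_Carb", "#lowcarb" and "#low-carb" compare equal.
function normalizeTag(tag) {
  return tag.replace(/^#/, '').toLowerCase().replace(/[_-]/g, '');
}

// The '#word' being typed at the cursor, or null if the cursor is not in one.
// A '#' glued to a preceding word (as in an email address) does not count.
function activeHashtag(textBeforeCursor) {
  const m = /(?:^|\s)#([\w-]*)$/.exec(textBeforeCursor);
  return m ? m[1] : null;
}

// Suggestions for the tag under the cursor, drawn from knownTags (constructed
// here; in the product it would come from the same list the Android app shows).
// Prefix matches on the normalised form, most used first, ties alphabetical.
function suggestHashtags(textBeforeCursor, knownTags, limit = 5) {
  const partial = activeHashtag(textBeforeCursor);
  if (partial === null) return [];
  const key = normalizeTag(partial);
  return knownTags
    .filter(t => normalizeTag(t.tag).startsWith(key))
    .sort((a, b) => b.count - a.count || a.tag.localeCompare(b.tag))
    .slice(0, limit)
    .map(t => '#' + t.tag);
}

// Constructed sample of a user's existing tags with usage counts.
const SAMPLE_TAGS = [
  { tag: 'exercise', count: 12 },
  { tag: 'Low_Carb', count: 3 },
  { tag: 'lowcarb', count: 7 },
  { tag: 'site-change', count: 5 },
];
```

As the issue says, this only guides the user; whatever they type after the '#' is still accepted, the pop-up just makes the existing spelling one keystroke away.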

Upload data link goes stale

The upload data link goes stale sometimes. By "goes stale" I mean that you can click on it, try uploading your data via the uploads and it says that you are not logged in. I've noticed this behavior for a while but was unable to figure out what was going on until now.

It seems that the data display page is drawn with the <a href="..."> pre-filled with the link to the uploads API. The thing is, that url cannot be pre-filled, because it uses a token that might go stale. The link needs to be changed to generate the url on click instead of on render.

Blip requires Chrome, although site works fine in Firefox

If you are going to test browser compatibility, test on availability of required features, not useragent string. All required Web APIs should be checked in utils instead of the browser. Technically it would be possible to run an outdated version of Chrome, although it requires some work, which could render the site useless.

The site works fine in Firefox (only tested in version 97), but requires altering the userAgent string to get past the browser compatibility test.

Are there specific features you require that are not available in other browsers? I understand you might be interested in blocking IE, but Safari is likely to be compatible as well as FF. There are Chromium (Google specific) Web APIs that other browser engines haven't implemented, but unless they are strictly necessary, I don't see why you should be blocking FF and Safari.

Alternatively, you can warn the user that the application might not work correctly in other browsers, and you recommend using Chrome, but allow the user to override anyway. Similar to allowing running unsigned applications on most modern OSes.
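An added example, not code from the blip project, of the approach this issue recommends: the compatibility check probes for the Web APIs the app actually needs on a window-like object and never reads navigator.userAgent, and an explicit user override is the only other way past a missing feature. The list of required features and the function names are assumptions for this example; the fake window objects are constructed for the test.

```javascript
'use strict';

// Each entry names a Web API the app needs and how to probe for it on a
// window-like object. Constructed list; the real set depends on the app.
const REQUIRED_FEATURES = {
  fetch: w => typeof w.fetch === 'function',
  Promise: w => typeof w.Promise === 'function',
  localStorage: w => !!w.localStorage && typeof w.localStorage.getItem === 'function',
  URLSearchParams: w => typeof w.URLSearchParams === 'function',
};

// Names of required features the given environment lacks. A probe that throws
// (e.g. localStorage access blocked by browser settings) counts as missing.
function missingFeatures(win) {
  return Object.entries(REQUIRED_FEATURES)
    .filter(([, probe]) => { try { return !probe(win); } catch (e) { return true; } })
    .map(([name]) => name);
}

// 'run' when everything is present; otherwise 'block', unless the user has
// explicitly chosen to continue anyway, in which case 'run-unsupported' so the
// app can show a persistent warning banner.
function compatibilityDecision(win, userOverride = false) {
  const missing = missingFeatures(win);
  if (missing.length === 0) return { action: 'run', missing };
  return { action: userOverride ? 'run-unsupported' : 'block', missing };
}

// Constructed stand-ins for browser environments (no user-agent strings involved).
const MODERN_WINDOW = { fetch() {}, Promise, localStorage: { getItem() {} }, URLSearchParams };
const LEGACY_WINDOW = { localStorage: { getItem() {} } };
const LOCKED_STORAGE_WINDOW = {
  fetch() {}, Promise, URLSearchParams,
  get localStorage() { throw new Error('access denied'); },
};
```

Because the decision depends only on capabilities, a Firefox or Safari build that has every required API passes without any user-agent editing, and a browser that lacks something is told exactly which API is missing.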

Align user data model with server and docs

A PR last week "reminded" us that there is a bit of discrepancy between the data structure for a "user" on the front end side, and what was expected on the server side (see Tidepool Server Data Model). This dates back from when we started working on Blip with mock-data only, I went with a particular model and it just stuck.

I'm ok with taking lead on it, but wanted to open this to have a quick discussion (@kentquirk, @cheddar?) before doing anything, get your thoughts and make sure we're fully aligned.

The main difference is that the document linked above suggested fullName (ex: 'Nicolas Hery') and shortName (ex: 'Nicolas'), vs firstName and lastName as it is currently implemented. I'm ok with making the shift, and I'll do my best to make it without any data migration needed (more on that later).

I did have some other things I wanted to ask around the user data structure, so I'll throw it in there.

Let's look at some JSON :) Currently, we have this in /metadata/123/profile:

{
  "firstName": "Mary",
  "lastName": "Smith",
  "patient": {
    "birthday": "1987-03-08",
    "diagnosisDate": "1994-02-01",
    "aboutMe": "Loves swimming and fishing. Owns a bakery in San Francisco. Favorite color is orange."
  }
}

Comments:

  • firstName and lastName would be replaced by fullName and shortName (using camelCase instead of fullname, shortname, let me know if you'd rather not); not much to say there, I'm ok with that
  • aboutMe is only for people that create a "PWD profile" as it is currently, the document had a shortBio attribute for everyone; the questions I have are: do we want to switch to the shortBio for everyone, or possibly have 2 "types of bio", one for your user account and one for your PWD profile (with more diabetes-related things)? or do we want to keep it like this?
  • I'm using a nested patient object in the main profile for all PWD-related things, I also use the presence or absence of that object to distinguish in the UI people that have a PWD-profile setup or not; my questions are: do we want to flatten this and add maybe either a boolean attribute (ex: isPwd), or a more general roles array attribute that we can use like roles: ['pwd'] for now but might be useful later (roles: ['doctor'])? we can of course keep as-is

I was exhaustive in my comments, and don't want to seem like I'm suggesting we change a bunch of things, but since I'm going to be touching the user model which is pretty central, if there are other changes necessary I'd rather do them at the same time.

As far as "data-migration-less" is concerned, I was thinking of just having a small piece of code checking the profile object on Blip's end for expected "new" attributes, and adding them as necessary. That piece of code can be retired later.
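An added example, not code from the blip project or this post's author, of the "data-migration-less" piece of code described above: it takes a profile in the current shape (firstName/lastName, nested patient object), fills in the proposed fullName, shortName and roles attributes only where they are absent, and leaves everything else alone so old and new clients can read the same object. The roles value ['pwd'] derived from the presence of the patient object, and the function names, are assumptions for this example; the sample profile is the one shown in the post.

```javascript
'use strict';

// Brings a profile stored under the old shape up to the proposed shape without
// touching fields that are already present. Returns a new object; the input is
// not modified, so a read-only code path can call it safely.
function migrateProfile(profile) {
  const out = { ...profile };
  const first = (profile.firstName || '').trim();
  const last = (profile.lastName || '').trim();
  if (out.fullName === undefined && (first || last)) {
    out.fullName = [first, last].filter(Boolean).join(' ');
  }
  if (out.shortName === undefined && first) {
    out.shortName = first;
  }
  // Assumption for this example: a nested patient object marks a PWD profile,
  // which becomes the 'pwd' role; everyone else starts with no roles.
  if (!Array.isArray(out.roles)) {
    out.roles = profile.patient ? ['pwd'] : [];
  }
  return out;
}

// True when migrateProfile would add anything, i.e. when the object is worth
// writing back to /metadata/:id/profile.
function needsMigration(profile) {
  return JSON.stringify(migrateProfile(profile)) !== JSON.stringify(profile);
}

// The profile from the post, as constructed sample input.
const LEGACY_PROFILE = {
  firstName: 'Mary',
  lastName: 'Smith',
  patient: {
    birthday: '1987-03-08',
    diagnosisDate: '1994-02-01',
    aboutMe: 'Loves swimming and fishing. Owns a bakery in San Francisco. Favorite color is orange.',
  },
};
```

Running it on every profile read, and writing back only when needsMigration is true, converts the data lazily; once no legacy profiles remain the function can be retired as the post suggests.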

Option to hide the same sugar levels from different sources

Hi,
I think there should be an option to hide overlapping blood sugar levels from different sources within some time window (let's say 30 minutes), if they're exactly the same. Currently I'm importing data from my Medtronic pump with configured calculator (so I have most blood sugar levels here, but not all) and also from Contour Next Link, where I have all my readings. So most of my readings are doubled as they show once, when I did them with my meter, and a second time when I gave a bolus and typed the blood sugar level into my pump's calculator.
Of course I could just not import data from my meter, but then I would miss some readings, when I don't need to give any bolus, so I would lack some data.
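An added example, not code from the blip project, of the de-duplication this issue asks for: readings are sorted by time and a reading is hidden when an already-kept reading from a different source has exactly the same value within the window (30 minutes by default). Two equal readings from the same source are kept, since those are separate tests. The reading shape {time, value, source} and the sample data are constructed for this example.

```javascript
'use strict';

// Reading shape assumed here: { time: ISO-8601 string, value: number, source: string }.
// Returns the readings to display; the earlier of a duplicate pair is kept.
function dedupeReadings(readings, windowMs = 30 * 60 * 1000) {
  const sorted = [...readings].sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
  const kept = [];
  for (const r of sorted) {
    const t = Date.parse(r.time);
    let duplicate = false;
    // kept is in time order, so only its tail can fall inside the window.
    for (let i = kept.length - 1; i >= 0 && t - Date.parse(kept[i].time) <= windowMs; i--) {
      if (kept[i].value === r.value && kept[i].source !== r.source) {
        duplicate = true;
        break;
      }
    }
    if (!duplicate) kept.push(r);
  }
  return kept;
}

// Constructed sample: meter readings, some re-entered into the pump's bolus calculator.
const SAMPLE_READINGS = [
  { time: '2020-01-01T08:00:00Z', value: 120, source: 'contour-next-link' },
  { time: '2020-01-01T08:05:00Z', value: 120, source: 'medtronic-pump' },   // same test, typed into the pump
  { time: '2020-01-01T12:00:00Z', value: 95,  source: 'contour-next-link' }, // no bolus, meter only
  { time: '2020-01-01T18:00:00Z', value: 140, source: 'medtronic-pump' },   // 40 min after the meter: outside window
  { time: '2020-01-01T17:20:00Z', value: 140, source: 'contour-next-link' },
  { time: '2020-01-01T20:00:00Z', value: 110, source: 'contour-next-link' },
  { time: '2020-01-01T20:10:00Z', value: 110, source: 'contour-next-link' }, // same source: two real tests
];
```

Making this a display option rather than a change to the stored data keeps every reading available; widening the window to an hour would also fold the 17:20/18:00 pair above.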

Production site not running minified build of React

Hello! Awesome site by the way! While browsing, I noticed the following React dev tools warning:

(screenshot)

I'm not intimately familiar with your build process, but this may or may not be fixed by adding a -p flag to this line, so it becomes:

exec('webpack --entry \'' + entry + '\' --output-filename \'bundle.[hash].js\' --devtool source-map --colors --progress -p');

Indexing past the end of the array?

Have just done my first upload from a Libre Freestyle using the Tidepool Uploader on Mac
Immediately on logging into the web app I get the following:
"Tidepool is stuck and isn't doing what you want it to do. We're sorry for the trouble."

The Chrome console says:
GET https://api.tidepool.org/metadata/7a31f812a9/preferences 404 (Not Found)
api.tidepool.org/confirm/invitations/7a31f812a9:1 GET https://api.tidepool.org/confirm/invitations/7a31f812a9 404 (Not Found)
api.tidepool.org/metadata/7a31f812a9/preferences:1 GET https://api.tidepool.org/metadata/7a31f812a9/preferences 404 (Not Found)
api.tidepool.org/confirm/invite/7a31f812a9:1 GET https://api.tidepool.org/confirm/invite/7a31f812a9 404 (Not Found)
api.tidepool.org/metadata/7a31f812a9/preferences:1 GET https://api.tidepool.org/metadata/7a31f812a9/preferences 404 (Not Found)
utils.js:335 Defaulting to display in timezone of most recent upload at 2019-02-03T17:45:43+11:00 Australia/Melbourne
patientdata.js:993 Uncaught TypeError: Cannot read property 'type' of undefined
    at Object.processData (patientdata.js:993)
    at Object.componentWillReceiveProps (patientdata.js:777)
    at d.updateComponent (ReactCompositeComponent.js:614)
    at d.receiveComponent (ReactCompositeComponent.js:547)
    at Object.receiveComponent (ReactReconciler.js:125)
    at d._updateRenderedComponent (ReactCompositeComponent.js:754)
    at d._performComponentUpdate (ReactCompositeComponent.js:724)
    at d.updateComponent (ReactCompositeComponent.js:645)
    at d.receiveComponent (ReactCompositeComponent.js:547)
    at Object.receiveComponent (ReactReconciler.js:125)

Here's what the debugger shows:

(screenshot)

It looks like we might be indexing past the end of unprocessedPatientData
Any thoughts on how to fix this?

referrer the reset token is getting leaked to third party sites

Severity - (Medium 4 - 6.9)
Weakness - Violation of Secure Design Principles

Description
It has been identified that the application is leaking referrer token to third party sites. In this case it was found that the password reset token is being leaked to third party sites which is an issue knowing the fact that it can allow any malicious users to use the token and reset the passwords of the victim.

Steps To Reproduce:-

  1. Request a password reset link for a valid account
  2. Click on the reset link
  3. Before resetting the password, click on the Twitter/Facebook or any other link in the footer section
  4. You will notice the following request in Burp Suite

REQUEST:
GET /tidepool_org HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: https://app.tidepool.org/confirm-password-reset?resetKey=HT1JWC9WiPcablF9qMvpYFjG5lcpaoEz
Upgrade-Insecure-Requests: 1

As you can see in the referrer the reset token is getting leaked to third party sites. So, the person who has complete control over that particular third party site can compromise the user accounts easily.
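An added example, not code from the blip project or this report's author, that makes the leak above concrete from the defender's side: it computes the Referer value a browser sends from the reset page to an outbound link under each standard Referrer-Policy, and checks whether the named query parameters survive into it. The page URL is the one from the captured request above; the target URL, policy names and function names are assumptions for this example.

```javascript
'use strict';

// Strip the parts a browser never puts in Referer: fragment and credentials.
function stripForReferer(url) {
  const u = new URL(url);
  u.hash = '';
  u.username = '';
  u.password = '';
  return u.href;
}

// Value of the Referer header sent when a page at pageUrl navigates to
// targetUrl under the given Referrer-Policy. '' means no header is sent.
function refererFor(pageUrl, targetUrl, policy) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === 'https:' && target.protocol === 'http:';
  const full = stripForReferer(pageUrl);
  const originOnly = page.origin + '/';
  switch (policy) {
    case 'no-referrer': return '';
    case 'unsafe-url': return full;
    case 'no-referrer-when-downgrade': return downgrade ? '' : full;
    case 'same-origin': return sameOrigin ? full : '';
    case 'origin': return originOnly;
    case 'strict-origin': return downgrade ? '' : originOnly;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? '' : originOnly;
    default: throw new Error('unknown policy: ' + policy);
  }
}

// Names among sensitiveNames that appear as query parameters in the Referer value.
function leakedParams(referer, sensitiveNames) {
  if (!referer) return [];
  const params = new URL(referer).searchParams;
  return sensitiveNames.filter(name => params.has(name));
}

// The reset page from the captured request, and a constructed footer link target.
const RESET_PAGE = 'https://app.tidepool.org/confirm-password-reset?resetKey=HT1JWC9WiPcablF9qMvpYFjG5lcpaoEz';
const FOOTER_LINK = 'https://twitter.com/tidepool_org';
```

The table this produces is the mitigation argument: a no-referrer or strict-origin-when-cross-origin policy on the reset page (via a Referrer-Policy header or meta tag) sends at most the origin to third-party sites, so the resetKey never leaves app.tidepool.org; a same-origin navigation still gets the full URL, which is what the app itself needs.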

larger container for tideline

920 x 500 seems a bit overly conservative to me in terms of default/largest size, and it results in stats widget getting cut off:
(screenshot)

Would love to discuss making the container size more responsive on larger displays, and a bit wider by default even on small displays (I think even 960px would do it).

small UI changes for notes

As reported to @jebeck by @skrugman.

  • the timestamp field text should be grayed out, and the border shouldn't change on hover, at least until it's editable (screenshot)
  • the Close button should use the close icon from the icon font instead of the word (screenshot)
  • can we get rid of the little marking in the lower right corner of the textarea? (screenshot)

Trello card is https://trello.com/c/Kfb48uoB

Upload Data: Carelink 180

When uploading data, the GUI has a text box pre-populated with 180. There's no indication to the user of what 180 means or whether they can or should configure it.

Multiple cgm data sources

In the case that the traces of more than one sensor get uploaded simultaneously, it would be nice if they could be distinguishable in the view.

Some random ideas:

  • Depending on the uploader, multiple traces could be assigned different colour schemes.
  • if more than one uploader is detected, there could be the option to select the one(s) to display. (This would also address #508, I'd think)
  • Uploaders could be classified in
    • primary uploaders (dumping unmodified data as read from the source),
    • secondary uploaders (repeating data from primary uploaders), and
    • tertiary uploaders (modifying the data they received, be it by adding their own calibration or smoothing, for example Kalman filters)
  • depending on noise, noisier traces could be given a lighter/transparent shade.

Example screenshots

Thanks for providing a bunch of servers to experiment with! :)

New sensor: Enlite2

Production server, patient 726922b6fb uploaded via Tidepool Uploader.
(That Sensor is displaying "typical Enlite behaviour" going deeper and deeper between calibrations.
I don't think BGs ever dropped below 160 during the initial 10 hours.)

Dying G5 and Enlite simultaneously

Integration Server, patient 98c5f0daa7, uploaded via xDrip.
I had kept the noisy G5 around for about a day, since I was curious "how bad it would get", and if it would resume operation at some point in time. Obviously, it didn't...

User's password is stored in cleartext in server.log

I have brought up a VM running Ubuntu 14.04, successfully configured it to send mail, then successfully (it seems) started the tidepool server(s). I had some trouble creating my account (tried a second time before the first try had expired).

In trying to find the reason for the failure (which was account already exists), I found that servers.log has the clear text of the password I entered when I attempted to create the account.

This sounds like a serious security issue: that user's passwords are visible to anyone who has access to the machine the Tidepool server is running on.
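An added example, not code from the Tidepool servers or this report's author, of the log hygiene that prevents what the report describes: every payload passes through a redaction step that masks secret-named fields (password, token, resetKey and so on) at any depth before the line is serialised, and the original request object is left untouched. The key list, the mask string and the function names are assumptions for this example.

```javascript
'use strict';

// Key names treated as secrets, matched case-insensitively. Constructed list;
// extend it per application.
const SENSITIVE_KEYS = new Set(['password', 'passwd', 'pw', 'token', 'secret', 'authorization', 'resetkey']);
const MASK = '[REDACTED]';

// Deep copy of value with secret-named fields masked. Handles nested objects,
// arrays and cycles; never modifies its input.
function redactForLog(value, ancestors = new Set()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]';
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map(v => redactForLog(v, ancestors));
  } else {
    out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? MASK : redactForLog(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// One JSON line per event. The payload is redacted before serialisation, so a
// handler that logs the whole signup request cannot spill the password.
function logLine(event, payload) {
  return JSON.stringify({ ts: new Date().toISOString(), event, data: redactForLog(payload) });
}

// Constructed sample of the kind of request a signup handler might log verbatim.
const SAMPLE_SIGNUP = {
  username: 'mary',
  password: 'hunter2',
  profile: { fullName: 'Mary Smith', sessions: [{ token: 'abc123' }] },
};
```

Redacting at the logging boundary, rather than remembering to omit fields at each call site, is what makes the guarantee hold when a new code path starts logging request bodies.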

Needs to speak https

This server doesn't speak https right now. It needs to be able to speak https.
