sandstorm-io / meteor-accounts-sandstorm
Sandstorm.io login integration for Meteor applications.
License: Other
It seems it is needed to obtain HackSessionContext to be able to send e-mail from a grain of a Meteor app.
Steps to reproduce:
X-Sandstorm-User-Id header to the app along with other Sandstorm auth headers
Expected behavior:
Actual behavior:
Suggested fix:
meteor-accounts-sandstorm so that it checks if (process.env.SANDSTORM === "1") before respecting Sandstorm headers.
I can't think of another way to fail-closed, but happy to hear other options. @kentonv looking for your +1 or -1.
(NOTE: Earlier this said === 'Y' but that was a typo! I fixed the code above.)
And not kenton. But probably we can just wait for migration to NPM.
Getting the following when attempting to refactor an app to Meteor 1.3 beta 12:
[[[[[ ~/Projects/List ]]]]]
=> Started proxy.
=> Started MongoDB.
W20160304-09:13:59.337(-6)? (STDERR)
W20160304-09:13:59.347(-6)? (STDERR) /home/nolan/.meteor/packages/meteor-tool/.1.1.13-beta.12.767s8i++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:267
W20160304-09:13:59.348(-6)? (STDERR) throw(ex);
W20160304-09:13:59.348(-6)? (STDERR) ^
W20160304-09:13:59.348(-6)? (STDERR) TypeError: Object [object Object] has no method 'onConnection'
W20160304-09:13:59.348(-6)? (STDERR) at Package (packages/kenton_accounts-sandstorm/server.js:35:1)
W20160304-09:13:59.349(-6)? (STDERR) at packages/kenton_accounts-sandstorm/server.js:165:1
W20160304-09:13:59.349(-6)? (STDERR) at packages/kenton_accounts-sandstorm/server.js:165:1
W20160304-09:13:59.349(-6)? (STDERR) at /home/nolan/Projects/List/.meteor/local/build/programs/server/boot.js:245:10
W20160304-09:13:59.349(-6)? (STDERR) at Array.forEach (native)
W20160304-09:13:59.349(-6)? (STDERR) at Function..each..forEach (/home/nolan/.meteor/packages/meteor-tool/.1.1.13-beta.12.767s8i++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/server-lib/node_modules/underscore/underscore.js:79:11)
W20160304-09:13:59.349(-6)? (STDERR) at /home/nolan/Projects/List/.meteor/local/build/programs/server/boot.js:140:5
=> Exited with code: 8
Our app needs to route users to one view if they are the owner of a grain, and another view if they are not (including if they are not authenticated to sandstorm at all).
Because meteor-accounts-sandstorm launches a request from the client to the server in order to authenticate the user, we are having problems with the wrong template flashing up on the screen before they get routed to the correct one.
The sequence of events for an owner looks like this:
At step 1, we want to show a loading template. This is a blank template without text and buttons in the middle of the screen, so when we subsequently switch over to the "owner" page the transition is not jarring.
The trouble is, we have no way of distinguishing between a client that has just loaded the app (and the accounts-sandstorm auth hasn't happened yet) and a client who is not authenticated with sandstorm.
So when an unauthenticated user opens the grain:
At step 1, we want the client to be on the "loading" template, to avoid the jarring page transitions as mentioned before - but when we know they are not an owner, we should take them to the "non-owner" template.
I think what we need is some way of telling whether a sandstorm login has been attempted in the current session. We could then wait until the check has been made by accounts-sandstorm before routing them away from "loading".
A simple way to do this would be to set a flag in the meteor Session when client.js receives the response of the xhr request... any better ideas?
I know how to accomplish all of these tasks, but they seem basic enough that I think they should be rolled into this package. Here's what I've built for a couple Meteor apps that I'm hoping to launch on Sandstorm:
It seems to me that, with the above changes, a Meteor app could potentially be ported to Sandstorm in a way that could work in parallel with the existing app. Pieces of the UI could be selectively displayed/hidden with isInSandstorm, and permissions could either be synced with an existing roles implementation in code that could be kept separate, or checks could be and'd with hasMeteorPermission. If this isn't appropriate for the accounts package, it seems basic enough to warrant addition to a sandstorm-helpers package that is promoted as a way to bring Meteor apps to Sandstorm.
Thanks.
I noticed that this doesn't work with anonymous users. For example, my app is receiving the following headers, but the library takes no action, because there isn't a sandstorm-user-id (see https://github.com/sandstorm-io/meteor-accounts-sandstorm/blob/master/server.js#L48).
{ connection: 'close',
'accept-encoding': 'gzip',
'accept-language': 'en-US,en;q=0.5',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0',
'x-sandstorm-username': 'Anonymous%20User',
'x-sandstorm-permissions': 'modify',
'x-sandstorm-base-path': 'http://35bea8c9f81f01acf2b0ee2914c81cbd.local.sandstorm.io:6080',
host: '35bea8c9f81f01acf2b0ee2914c81cbd.local.sandstorm.io:6080',
'x-forwarded-proto': 'http',
'x-sandstorm-session-id': '0',
accept: '*/*' }
I noticed this bug when I shared an edit link to a TextEditor grain, but the user who received the link could not edit the text.
As I think about this, ideally there wouldn't have to be a new User doc for every anonymous user. So maybe it is better for apps that want to support anonymous users to just check the headers manually.
I'm not really sure how to proceed. If there are no code changes, a note in the README about anonymous users would be great.
Do you have any ideas?
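One way to check the headers manually, as an added example that is not code from this package or from the posts above: it handles the anonymous case (permissions present, no user id) and applies the fail-closed `process.env.SANDSTORM === "1"` gate suggested in the earlier report. The function names and sample header objects are hypothetical, and splitting `x-sandstorm-permissions` on commas is an assumption about the header format.

```javascript
// Added example; sandstormIdentity and canModify are hypothetical names,
// not part of meteor-accounts-sandstorm.

// `headers` is a Node-style header object (names already lower-cased).
// `env` is the process environment, passed in so the gate can be tested.
function sandstormIdentity(headers, env) {
  // Fail closed: outside Sandstorm nothing vouches for X-Sandstorm-*
  // headers, so they are ignored entirely rather than partially trusted.
  if (!env || env.SANDSTORM !== "1") {
    return { trusted: false, userId: null, name: null, permissions: [] };
  }
  // Assumption: permissions arrive as a comma-separated list.
  const raw = headers["x-sandstorm-permissions"] || "";
  const permissions = raw.split(",").map((p) => p.trim()).filter(Boolean);
  let name = null;
  try {
    name = decodeURIComponent(headers["x-sandstorm-username"] || "") || null;
  } catch (e) {
    name = null; // malformed percent-encoding: drop the display name
  }
  return {
    trusted: true,
    // Anonymous visitors carry no user id but may still hold permissions.
    userId: headers["x-sandstorm-user-id"] || null,
    name,
    permissions,
  };
}

// Authorization keyed on permissions, so it also works without a user id.
function canModify(headers, env) {
  return sandstormIdentity(headers, env).permissions.includes("modify");
}

// Constructed sample mirroring the anonymous header set quoted above.
const anonymousHeaders = {
  "x-sandstorm-username": "Anonymous%20User",
  "x-sandstorm-permissions": "modify",
  "x-sandstorm-session-id": "0",
};

// Constructed sample: the same kind of headers arriving at an app that
// is not running inside Sandstorm.
const outsideHeaders = {
  "x-sandstorm-user-id": "constructed-user-id",
  "x-sandstorm-permissions": "modify",
};
```

In a request handler this would be called as `canModify(req.headers, process.env)`.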
Normally I use methods for RPC, but I'm using CollectionFS which uses the insert/update/remove methods directly. I tried something like:
Books.allow
  insert: ->
    console.log(@connection)
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false
  update: ->
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false
  remove: ->
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false
but unfortunately this.connection doesn't appear to exist in this context.
In RocketChat/Rocket.Chat#3055 (comment), @kiwano claimed to have seen the following error in the console:
"couldn't get /.sandstorm-login:" Error: failed [500] Error: wrong Content-Type for .sandstorm-login: application/x-sandstorm-login-token; charset=UTF-8 at packages/kenton_accounts-sandstorm/server.js:138:1 at packages/kenton_accounts-sandstorm/server.js:49:1 at runWithEnvironment (packages/meteor/dynamics_nodejs.js:110:1) at packages/meteor/dynamics_nodejs.js:123:1 at packages/kenton_accounts-sandstorm/server.js:133:1 at runWithEnvironment (packages/meteor/dynamics_nodejs.js:110:1) at packages/meteor/dynamics_nodejs.js:...
Stack trace:
r@https://45d3c833ccfb1e73447de31111762e19.mrdomino.sandcats.io/ac56c377f8920e788030c5dff57aff4c49de5500.js?meteor_js_resource=true:126:282
o.call/g.onreadystatechange@https://45d3c833ccfb1e73447de31111762e19.mrdomino.sandcats.io/ac56c377f8920e788030c5dff57aff4c49de5500.js?meteor_js_resource=true:126:2628
ac56c377f8920e788030c5dff57aff4c49de5500.js:416:1146
It appears that somehow ; charset=UTF-8 was appended to the Content-Type of the XHR on the client side. This seems like incorrect browser behavior.
@kiwano reported this occurred with Iceweasel 38.7.1.
@kiwano, is this behavior consistent in Iceweasel? Does it happen in any other browsers?
Currently it looks like only applications running out of the site root (i.e. https://host/) are supported - both the client and server request/look for /.sandstorm-login. It'd be better if URL_PATH_PREFIX or similar were to be used to support running out of a subdirectory.
http://docs.meteor.com/#/full/accounts_validateloginattempt
Even if callback is returning false, user is still logged in.
In the process of porting a meteor app to sandstorm. I added the kenton:accounts-sandstorm package (and removed all the OAuth providers, leaving only accounts-password) ... I keep getting a problem related to the login variable not being defined in server.js of accounts-sandstorm:
The console.log(login) line outputs undefined in logs.
GET http://j1izdhrrrhhhwi4hahog.local.sandstorm.io:6080/.sandstorm-credentials 500 (Internal Server Error)
r.call @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78
r.get @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78
(anonymous function) @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242
t.Computation._compute @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
t.Computation @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
t.autorun @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
(anonymous function) @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242
o @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:3
o @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:3
2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242 Error: failed [500] TypeError: Cannot read property 'userId' of undefined
at packages/kenton:accounts-sandstorm/server.js:52:1
at runWithEnvironment (packages/meteor/dynamics_nodejs.js:108:1)
at a (2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78)
at XMLHttpRequest.r.call.g.onreadystatechange (2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78)
I'm using this package alongside https://github.com/jacksingleton/accounts-sandstorm-dev/ for local development and while the variables passed from Meteor.user() are what was expected in the Meteor dev environment:
$ Meteor.user()
{ _id: "5K4kv3TntZe4Ea8Fk", profile: Object, has_submitted: true, services: {sandstorm: Object} }
When I do the same inside the vagrant-spk dev environment I get:
$ Meteor.user()
Object { _id: "5k5i9FdPo7tNHTYwt", hasCompletedSignup: true, isAdmin: true, signupKey: "devAccounts", loginIdentities: Array[1], nonloginIdentities: Array[0] }
Which isn't what I thought the package should return.
The packaging instructions I'm following are here: https://docs.sandstorm.io/en/latest/vagrant-spk/packaging-tutorial-meteor/
While I'm now wondering whether what I should be using is: https://github.com/sandstorm-io/meteor-spk and whether that makes a difference in set up?
The code for this is: https://github.com/simonv3/quick-survey/
Because that’s pretty useful when updating the package :-)