meteor-accounts-sandstorm's People

Contributors

eemeli, jparyani, kentonv, mitar, mquandalle, ndarilek

meteor-accounts-sandstorm's Issues

Create a way to only process Sandstorm headers if Sandstorm environment variable is set

Steps to reproduce:

  • Find some app that has this package installed, but is deployed on appname.meteor.com
  • Send the X-Sandstorm-User-Id header to the app along with other Sandstorm auth headers

Expected behavior:

  • Nothing, since the app is not on Sandstorm.

Actual behavior:

  • The app would create a new account, even though it's not running within Sandstorm, which is very likely not what the person using this Meteor package intended.

Suggested fix:

  • Adjust meteor-accounts-sandstorm so that it checks if (process.env.SANDSTORM === "1") before respecting Sandstorm headers.
  • Bump the major version number to indicate backwards incompatible change.

I can't think of another way to fail-closed, but happy to hear other options. @kentonv looking for your +1 or -1.

(NOTE: Earlier this said === 'Y' but that was a typo! I fixed the code above.)

Meteor 1.3 changes

Getting the following when attempting to refactor an app to Meteor 1.3 beta 12:

[[[[[ ~/Projects/List ]]]]]

=> Started proxy.
=> Started MongoDB.
W20160304-09:13:59.337(-6)? (STDERR)
W20160304-09:13:59.347(-6)? (STDERR) /home/nolan/.meteor/packages/meteor-tool/.1.1.13-beta.12.767s8i++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:267
W20160304-09:13:59.348(-6)? (STDERR)  throw(ex);
W20160304-09:13:59.348(-6)? (STDERR)  ^
W20160304-09:13:59.348(-6)? (STDERR) TypeError: Object [object Object] has no method 'onConnection'
W20160304-09:13:59.348(-6)? (STDERR)  at Package (packages/kenton_accounts-sandstorm/server.js:35:1)
W20160304-09:13:59.349(-6)? (STDERR)  at packages/kenton_accounts-sandstorm/server.js:165:1
W20160304-09:13:59.349(-6)? (STDERR)  at packages/kenton_accounts-sandstorm/server.js:165:1
W20160304-09:13:59.349(-6)? (STDERR)  at /home/nolan/Projects/List/.meteor/local/build/programs/server/boot.js:245:10
W20160304-09:13:59.349(-6)? (STDERR)  at Array.forEach (native)
W20160304-09:13:59.349(-6)? (STDERR)  at Function..each..forEach (/home/nolan/.meteor/packages/meteor-tool/.1.1.13-beta.12.767s8i++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/server-lib/node_modules/underscore/underscore.js:79:11)
W20160304-09:13:59.349(-6)? (STDERR)  at /home/nolan/Projects/List/.meteor/local/build/programs/server/boot.js:140:5
=> Exited with code: 8

Indicate when a sandstorm login has been attempted

Our app needs to route users to one view if they are the owner of a grain, and another view if they are not (including if they are not authenticated to sandstorm at all).

Because meteor-accounts-sandstorm launches a request from the client to the server in order to authenticate the user, we are having problems with the wrong template flashing up on the screen before they get routed to the correct one.

The sequence of events for an owner looks like this:

  1. Owner opens our grain
    Meteor.user() == undefined
    Meteor.loggingIn() == false
  2. Sandstorm login begins
    Meteor.user() == object without "services.sandstorm.permissions"
    Meteor.loggingIn() == true
  3. Sandstorm login finishes
    Meteor.user() == object with "services.sandstorm.permissions" of ['owner']

At step 1, we want to show a loading template. This is a blank template without text and buttons in the middle of the screen, so when we subsequently switch over to the "owner" page the transition is not jarring.

The trouble is, we have no way of distinguishing between a client that has just loaded the app (and the accounts-sandstorm auth hasn't happened yet) and a client who is not authenticated with sandstorm.

So when an unauthenticated user opens the grain:

  1. Unauthenticated user follows link to grain
    Meteor.user() == undefined
    Meteor.loggingIn() == false
  2. Sandstorm checks for x-sandstorm-user-id, doesn't find it, so never logs in
    Meteor.user() == undefined
    Meteor.loggingIn() == false

At step 1, we want the client to be on the "loading" template, to avoid the jarring page transitions as mentioned before - but when we know they are not an owner, we should take them to the "non-owner" template.

I think what we need is some way of telling whether a sandstorm login has been attempted in the current session. We could then wait until the check has been made by accounts-sandstorm before routing them away from "loading".

A simple way to do this would be to set a flag in the meteor Session when client.js receives the response of the xhr request... any better ideas?
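The routing decision described in this issue, written out as an added example (not meteor-accounts-sandstorm's own code): a "login attempted" flag lets the client tell "the Sandstorm check has not run yet" apart from "it ran and the user is not authenticated". The input names (loginAttempted, loggingIn, user) are hypothetical and mirror the states listed above; loginAttempted stands for the Session flag the issue proposes to set when the /.sandstorm-login response arrives.

```javascript
// Added example (not meteor-accounts-sandstorm's own code): route to a template
// only once the Sandstorm login attempt has finished, so that "not attempted
// yet" and "attempted but not authenticated" are told apart.
//
// Inputs are hypothetical names mirroring the states listed in this issue:
//   loginAttempted - true once the client has received the /.sandstorm-login
//                    response, whatever its outcome (the Session flag proposed above)
//   loggingIn      - what Meteor.loggingIn() returns
//   user           - what Meteor.user() returns, or undefined
function chooseTemplate({ loginAttempted, loggingIn, user }) {
  if (!loginAttempted || loggingIn) {
    return "loading"; // the Sandstorm check has not completed yet
  }
  const sandstorm = user && user.services && user.services.sandstorm;
  const permissions = (sandstorm && sandstorm.permissions) || [];
  return permissions.indexOf("owner") !== -1 ? "owner" : "non-owner";
}

// Constructed client state sequences, one per scenario in this issue.
const OWNER_SEQUENCE = [
  { loginAttempted: false, loggingIn: false, user: undefined },
  { loginAttempted: true, loggingIn: true, user: { services: { sandstorm: {} } } },
  { loginAttempted: true, loggingIn: false,
    user: { services: { sandstorm: { permissions: ["owner"] } } } },
];
// Without the flag, step 2 here would be indistinguishable from step 1 and the
// client would stay on "loading" forever (or flash the wrong template).
const UNAUTHENTICATED_SEQUENCE = [
  { loginAttempted: false, loggingIn: false, user: undefined },
  { loginAttempted: true, loggingIn: false, user: undefined },
];

// Template shown at each step of a sequence.
function templatesFor(sequence) {
  return sequence.map(chooseTemplate);
}

console.log(templatesFor(OWNER_SEQUENCE)); // [ 'loading', 'loading', 'owner' ]
console.log(templatesFor(UNAUTHENTICATED_SEQUENCE)); // [ 'loading', 'non-owner' ]
```

The important property is that a missing user is only treated as "non-owner" after loginAttempted is true; before that, the absence of a user carries no information.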

Add additional helper functionality

I know how to accomplish all of these tasks, but they seem basic enough that I think they should be rolled into this package. Here's what I've built for a couple Meteor apps that I'm hoping to launch on Sandstorm:

  • A "user" subscription, subscribed to globally on startup, that pushes services.sandstorm.permissions of the current user to the client.
  • An isInSandstorm UI helper that returns true if services.sandstorm != null for the current user. This could be substituted for a more appropriate check if one were to exist.
  • A hasSandstormPermission UI helper that takes a single permission. Perhaps it could also take an array. If the user isn't in Sandstorm I return true. The idea is that hasSandstormPermission can be paired with any app-native RBAC, and that if the user isn't in Sandstorm, it should be a no-op. I want to build my app taking permissions into account, be able to test it thoroughly outside of Sandstorm, then load it into the dev environment near the end to ensure that the permissions work. While making this helper return false might seem more secure in a "deny by default" sense, I worry that it might cause developers to either not check permissions or to remove tests when developing, rather than leaving tests in and punting their implementation to Sandstorm. IOW, if this helper returned false by default, I might get annoyed at not being able to test a piece of functionality and remove the check, or I might forget to add one when building out a feature.

It seems to me that, with the above changes, a Meteor app could potentially be ported to Sandstorm in a way that could work in parallel with the existing app. Pieces of the UI could be selectively displayed/hidden with isInSandstorm, and permissions could either be synced with an existing roles implementation in code that could be kept separate, or checks could be and'd with hasMeteorPermission. If this isn't appropriate for the accounts package, it seems basic enough to warrant addition to a sandstorm-helpers package that is promoted as a way to bring Meteor apps to Sandstorm.

Thanks.

Does not work with anonymous user permissions

I noticed that this doesn't work with anonymous users. For example, my app is receiving the following headers, but the library takes no action, because there isn't a sandstorm-user-id (see https://github.com/sandstorm-io/meteor-accounts-sandstorm/blob/master/server.js#L48).

{ connection: 'close',
  'accept-encoding': 'gzip',
  'accept-language': 'en-US,en;q=0.5',
  'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0',
  'x-sandstorm-username': 'Anonymous%20User',
  'x-sandstorm-permissions': 'modify',
  'x-sandstorm-base-path': 'http://35bea8c9f81f01acf2b0ee2914c81cbd.local.sandstorm.io:6080',
  host: '35bea8c9f81f01acf2b0ee2914c81cbd.local.sandstorm.io:6080',
  'x-forwarded-proto': 'http',
  'x-sandstorm-session-id': '0',
  accept: '*/*' }

I noticed this bug when I shared an edit link to a TextEditor grain, but the user who received the link could not edit the text.

As I think about this, ideally there wouldn't have to be a new User doc for every anonymous user. So maybe it is better for apps that want to support anonymous users to just check the headers manually.

I'm not really sure how to proceed. If there are no code changes, a note in the README about anonymous users would be great.

Do you have any ideas?
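Both this issue and the first one on this page ("Create a way to only process Sandstorm headers if Sandstorm environment variable is set") come down to how the server turns the proxy's headers into an identity. The following is an added example, not meteor-accounts-sandstorm's own code: it refuses to read the headers unless process.env.SANDSTORM is "1" (the check proposed in the first issue), and it still produces a usable identity for an anonymous user who has a username and permissions but no x-sandstorm-user-id. Two details are assumptions not stated on the page: that x-sandstorm-permissions is a comma-separated list, and that x-sandstorm-username is percent-encoded (the quoted headers show 'Anonymous%20User').

```javascript
// Added example (not meteor-accounts-sandstorm's own code): turn Sandstorm's
// proxy headers into an identity object, ignoring them entirely when the app
// is not running under Sandstorm, and supporting anonymous users.

// Sandstorm sets SANDSTORM=1 in the app's environment (the check proposed in
// the first issue on this page). Outside Sandstorm the headers can be set by
// any client, so they must not be trusted.
function runningInSandstorm(env) {
  return env.SANDSTORM === "1";
}

// Returns null when the headers must not be used (not in Sandstorm) or when
// no Sandstorm identity headers are present at all. Anonymous users have a
// username and permissions but no x-sandstorm-user-id.
// Assumptions not stated on the page: x-sandstorm-permissions is a
// comma-separated list, and x-sandstorm-username is percent-encoded.
function identityFromHeaders(headers, env) {
  if (!runningInSandstorm(env)) {
    return null;
  }
  const userId = headers["x-sandstorm-user-id"];
  const rawName = headers["x-sandstorm-username"];
  if (userId === undefined && rawName === undefined) {
    return null; // request did not pass through the Sandstorm proxy
  }
  const permissions = String(headers["x-sandstorm-permissions"] || "")
    .split(",")
    .map((p) => p.trim())
    .filter((p) => p.length > 0);
  let name = rawName === undefined ? "" : String(rawName);
  try {
    name = decodeURIComponent(name);
  } catch (e) {
    // malformed percent-encoding: keep the raw value rather than fail
  }
  return {
    anonymous: userId === undefined,
    userId: userId === undefined ? null : String(userId),
    name,
    permissions,
  };
}

// Permission check usable wherever the identity object is available
// (a null identity never has any permission).
function hasPermission(identity, permission) {
  return identity !== null && identity.permissions.indexOf(permission) !== -1;
}

// Constructed sample inputs: the first mirrors the anonymous-user headers
// quoted in this issue; the second is an invented logged-in user.
const ANON_HEADERS = {
  "x-sandstorm-username": "Anonymous%20User",
  "x-sandstorm-permissions": "modify",
  "x-sandstorm-session-id": "0",
};
const OWNER_HEADERS = {
  "x-sandstorm-user-id": "constructed-user-id",
  "x-sandstorm-username": "Example%20Owner",
  "x-sandstorm-permissions": "modify,owner",
};

console.log(identityFromHeaders(ANON_HEADERS, { SANDSTORM: "1" }));
console.log(identityFromHeaders(OWNER_HEADERS, {})); // null: not in Sandstorm
```

Keeping the identity as a plain object rather than creating a Meteor user document is one way to avoid the "new User doc for every anonymous user" problem raised above; an app can still store it per connection and consult hasPermission wherever it needs to.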

Doesn't seem to work in allow/deny rules

Normally I use methods for RPC, but I'm using CollectionFS which uses the insert/update/remove methods directly. I tried something like:

Books.allow
  insert: ->
    console.log(@connection)
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false
  update: ->
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false
  remove: ->
    if @connection?.sandstormUser()?.permissions.indexOf("modify") != -1
      true
    else
      false

but unfortunately this.connection doesn't appear to exist in this context.

Browser randomly adding "; charset=UTF-8" to XHR request content-type?

In RocketChat/Rocket.Chat#3055 (comment), @kiwano claimed to have seen the following error in the console:

"couldn't get /.sandstorm-login:" Error: failed [500] Error: wrong Content-Type for .sandstorm-login: application/x-sandstorm-login-token; charset=UTF-8 at packages/kenton_accounts-sandstorm/server.js:138:1 at packages/kenton_accounts-sandstorm/server.js:49:1 at runWithEnvironment (packages/meteor/dynamics_nodejs.js:110:1) at packages/meteor/dynamics_nodejs.js:123:1 at packages/kenton_accounts-sandstorm/server.js:133:1 at runWithEnvironment (packages/meteor/dynamics_nodejs.js:110:1) at packages/meteor/dynamics_nodejs.js:...
Stack trace:
r@https://45d3c833ccfb1e73447de31111762e19.mrdomino.sandcats.io/ac56c377f8920e788030c5dff57aff4c49de5500.js?meteor_js_resource=true:126:282
o.call/g.onreadystatechange@https://45d3c833ccfb1e73447de31111762e19.mrdomino.sandcats.io/ac56c377f8920e788030c5dff57aff4c49de5500.js?meteor_js_resource=true:126:2628
ac56c377f8920e788030c5dff57aff4c49de5500.js:416:1146

It appears that somehow ; charset=UTF-8 was appended to the Content-Type of the XHR on the client side. This seems like incorrect browser behavior.

@kiwano reported this occurred with Iceweasel 38.7.1.

@kiwano, is this behavior consistent in Iceweasel? Does it happen in any other browsers?
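Whatever the browser is doing, a server-side check that compares the whole Content-Type string will reject any client that appends a parameter. The following is an added example, not the package's code: it parses the header into a media type and parameters and compares only the media type, so "application/x-sandstorm-login-token; charset=UTF-8" matches. The expected media type is taken from the error message quoted above; the parsing rules (case-insensitive type and parameter names, optional quoted values) follow the HTTP grammar rather than anything on this page.

```javascript
// Added example (not meteor-accounts-sandstorm's own code): compare the media
// type of a Content-Type header while ignoring parameters such as
// "; charset=UTF-8".

// Parse "type/subtype; p1=v1; p2=v2" into { mediaType, params }, or null if
// the type/subtype part is not a valid token pair. Media type and parameter
// names are case-insensitive, so they are lower-cased; parameter values are
// kept as given, with surrounding quotes stripped.
function parseContentType(header) {
  if (typeof header !== "string") return null;
  const parts = header.split(";");
  const mediaType = parts.shift().trim().toLowerCase();
  if (!/^[!#$%&'*+.^_`|~0-9a-z-]+\/[!#$%&'*+.^_`|~0-9a-z-]+$/.test(mediaType)) {
    return null;
  }
  const params = {};
  for (const part of parts) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // parameter without a value: ignore
    const name = part.slice(0, eq).trim().toLowerCase();
    let value = part.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    if (name) params[name] = value;
  }
  return { mediaType, params };
}

// The check a server should make: accept the expected media type whether or
// not the client appended a charset (or any other) parameter.
function hasMediaType(header, expected) {
  const parsed = parseContentType(header);
  return parsed !== null && parsed.mediaType === expected.toLowerCase();
}

// Media type from the error message quoted in this issue.
const EXPECTED = "application/x-sandstorm-login-token";

console.log(hasMediaType("application/x-sandstorm-login-token; charset=UTF-8", EXPECTED)); // true
console.log(hasMediaType("text/plain; charset=UTF-8", EXPECTED)); // false
```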

Support for applications not running out of site root

Currently it looks like only applications running out of the site root (i.e. https://host/) are supported - both the client and server request/look for /.sandstorm-login. It'd be better if URL_PATH_PREFIX or similar were used to support running out of a subdirectory.

Accounts.updateOrCreateUserFromExternalService() may be broken

In the process of porting a meteor app to sandstorm, I added the kenton:accounts-sandstorm package (and removed all the OAuth providers, leaving only accounts-password) ... I keep getting a problem related to the login variable not being defined in server.js of accounts-sandstorm:

The console.log(login) line outputs undefined in logs.

GET http://j1izdhrrrhhhwi4hahog.local.sandstorm.io:6080/.sandstorm-credentials 500 (Internal Server Error)
  r.call @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78
  r.get @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78
  (anonymous function) @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242
  t.Computation._compute @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
  t.Computation @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
  t.autorun @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:9
  (anonymous function) @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242
  o @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:3
  o @ 2737201db08ba39f68ec1a2e6341935e1b8c764b.js:3

2737201db08ba39f68ec1a2e6341935e1b8c764b.js:242 Error: failed [500] TypeError: Cannot read property 'userId' of undefined
    at packages/kenton:accounts-sandstorm/server.js:52:1
    at runWithEnvironment (packages/meteor/dynamics_nodejs.js:108:1)
    at a (2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78)
    at XMLHttpRequest.r.call.g.onreadystatechange (2737201db08ba39f68ec1a2e6341935e1b8c764b.js:78)

Using package doesn't create the user instance expected.

I'm using this package alongside https://github.com/jacksingleton/accounts-sandstorm-dev/ for local development and while the variables passed from Meteor.user() are what was expected in the Meteor dev environment:

$ Meteor.user()
{ _id: "5K4kv3TntZe4Ea8Fk", profile: Object, has_submitted: true, services: {sandstorm: Object} }

When I do the same inside the vagrant-spk dev environment I get:

$ Meteor.user()
Object { _id: "5k5i9FdPo7tNHTYwt", hasCompletedSignup: true, isAdmin: true, signupKey: "devAccounts", loginIdentities: Array[1], nonloginIdentities: Array[0] }

Which isn't what I thought the package should return.

The packaging instructions I'm following are here: https://docs.sandstorm.io/en/latest/vagrant-spk/packaging-tutorial-meteor/
I'm now wondering whether what I should be using instead is https://github.com/sandstorm-io/meteor-spk, and whether that makes a difference in setup?

The code for this is: https://github.com/simonv3/quick-survey/
