theidentityselector / thiss-js Goto Github PK

View Code? Open in Web Editor NEW

13.0 7.0 22.0 45.75 MB

The identity selector software source

License: Other

Makefile 2.83% HTML 18.11% JavaScript 59.15% Dockerfile 0.64% Shell 3.13% SCSS 16.13%

thiss-js's People

Contributors

Stargazers

Watchers

thiss-js's Issues

Support running the ds on a path other then /

In some circumstances we have the need to run the discovery service on another path then / e.g /test/.

In order to get this to work I think BASEURL needs to be split up to not include the URI and publicPath configurable to contain the URL. My attempts to fix this failed probably due to lack of knowledge in webpack.

Docker as non-root user

It would be really great if the docker setup could be modified to run as a non-root user to facilitate deployment in secure environments.

Pre expire of IdP:s

When a IdP is on it's way to get replaced we want to have the old removed from the selector BEFORE it's removed from the Metadata.
Could it be removed from the selector when the old IdP is tagged with hide-from-discovery.

Double entityid attributes

Currently there are two entityid attributes used: entity_id and and entityID. This is to address a backwards-compatibility issue with older versions of the software.

Having two attributes can be a source of confusion for integrators that can lead to an inconsistency of user experience across integrators' sites.

The entityID attribute should not be needed.

Example below:

Integrator 1:

Dear...

We [an integrator] are very close to implementing the standard integration of SeamlessAccess in the coming days. We have performed a soft launch on our content platform and are about to embark
on UAT with a handful of customers across the globe.

Using login credentials provided to me by one of our UK subscribing libraries, I was able to test persistence on our website as well as across the various participating publisher sites. I was able to prove persistence works when a user makes known their chosen IdP on each participating publisher site, whether that’s ScienceDirect, or WileyOnline and then lands on a resource on our website. In all instances the SeamlessAccess button recognised the already confirmed IdP.

However, we noticed an issue with your website, whereby although the button changed to recognised the chosen IdP, when selecting the button to authenticate through that IdP, I was unable to. I noticed the same outcome having tested this between your website and other participating publisher sites.

We believe that you are using an alternative way in how they construct the SeamlessAccess object in the local browser storage. It looks like the entityID attribute is omitted, in that it only contains ‘entity_id’. So when a user successfully goes through the WAYF process on your website with their chosen IdP, and then bounces to our website, our site recognises the IdP on the button, so the persistence takes effect. However, when clicking on the SeamlessAccess button to authenticate as a user from that IdP, it does not point to the IdP SSO login page – in other words nothing happens and the user hits a barrier.

Having gone through the document below, my understanding is that both the ‘entityID ‘and ‘entity_id’ attributes should be contained in the SeamlessAccess object

Our concern here is this could now impede users who may land on an our website resource from your website. The user would be forced to use the ‘Add or Change institution’ link to then reconfirm themselves as a user from the very IdP they are being recognised as, introducing friction in a process designed to remove just that.

Please let me know your thoughts on this matter and I look forward to your reply.

Integrator 2:

Hi...

Thanks for raising this.

I think if I understand correctly, you’re using the entity_id attribute to populate the institution to the SA button, but the entityID attribute to construct the WAYFless URL that sits behind the button, and our website is only populating the entity_id attribute, so on your website the institution displays in the SA button, but there’s no WAYFless URL behind it.

It’s been a while since our implementation, but I think we only populated entity_id, because that was the forward-facing option. And I’m not sure that everyone using the SA service is using the entity_id attribute to populate the institution to the SA button and the entityID attribute to construct the WAYFless URL.

Seamless Access team: can I ask please?: Can you remind me why there are two entityid attributes? Should both be populated and why? And what should someone use to pull back the entityid to populate the name in the button and construct the WAYFless URL.

Thanks.

Seamless Access team:

The "double entityID attributes" is to address a backwards-compatibility issue with older
versions of the software. The entityID attribute should not be needed.

Could somebody open an issue on github.com/TheIdentitySelector/thiss-js and we'll get to
work debugging this.

Examples are not headers

"Examples: Science Institute, [email protected], UCLA" at the Discovery Service (/ds/) is coded as

.
The examples are not headers, code them as something else to not confuse screen readers.

WHITELIST not defined in environment but enforced regardless

I am using commit adef39a

I ran 'make standalone' and then deployed the code in dist/

The entrypoint script for my container does

cd /dist
for f in find . -printf '%P\n'; do
if [ "x$f" != "x" -a -f $f ]; then
d=dirname $f
mkdir -p /usr/share/nginx/html/$d
envsubst '${BASE_URL} ${PERSISTENCE_URL} ${MDQ_URL} ${SEARCH_URL} ${DEFAULT_CONTEXT}' < $f > /usr/share/nginx/html/$f
fi
done

There is no WHITELIST defined for the process.

When I browse to the ds I see in the console log

Access denied from...

Missing lang attributes in Standard button

The Standard button does not include lang attributes, even though the selected language (from user-agent) is known and mapped to available languages of the button.
The html of the document should have a lang attribute with the value of the resulting language.

Wrong language of the html tag for the Discovery Service

The html tag of the Discovery Service (/ds/) includes a lang attribut but the value is always set to en. The value should be changed when the user changes its preferences (using the language drop-down) or using the Accept-Language request header with a value available (currently en, es and sv).

Google Fonts Webpack Plugin does not handle errors.

Issue: If the Webpack plugin does not get "200" response status from Google Font server, its Promise does not handle an error, resulting in a build that needs to be restarted. In the attached screenshot we are taken to a "download" function in the NPM package that does not handle errors well.

Fix: Potential fixes: get rid of the plugin, fix the plugin.

Requests are not properly proxied to pyff

Requests are not properly proxied to pyff.

With thiss-js running in a container built from thiss-js/staging with pyff running curl -LI http://localhost:8080/entities/undefined.json returns

HTTP/1.1 404 Not Found
Server: nginx/1.10.3
Date: Fri, 17 Jun 2022 06:15:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 169
Connection: keep-alive

With proxying properly configured the same request returns

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 17 Jun 2022 06:21:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
Connection: keep-alive
ETag: 97d170e1550eee4afc0af065b78cda302a97674c
Expires: Fri, 17 Jun 2022 08:21:30 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,GET,DELETE,PUT,OPTIONS
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000

This is fixed by #233

Builds are failing because NodeJS are out of sync.

Replicate Bug: change any line of code in any of the files and create a new PR.

Problem: any build will fail during the SASS compilation phase. Package "node-sass" has to be rebuilt per the following error:

Error: Missing binding /opt/build/repo/node_modules/node-sass/vendor/linux-x64-72/binding.node
Node Sass could not find a binding for your current environment: Linux 64-bit with Node.js 12.x
Found bindings for the following environments:

Linux 64-bit with Node.js 8.x
This usually happens because your environment has changed since running npm install.
Run npm rebuild node-sass to download the binding for your current environment.

Solution: force node-sass rebuild

Increase target size of "delete" institution

The delete button is currently to small to meet WCAG 2.2 criteria on target sizes.

We would like to have a invisible div around it, which enlarges the target size to at least 60 high and 40 wide. If possible this should also show the word "delete" below the cross when hovered/focused. This to give a indicator other than color on selecting the delete action.

thiss-js doesn't properly expire entries

Currently thiss/thiss-ds doesn't provide a good way to expire entries.

Notify the user when search results are selectable

When searching for IdP:s at SeamlessAccess, "e" gives 914 hits, and the user is notified by screen readers. "ed" notifies the user of 186 hits, "edu" gives 163 hits and the user is notified. However, when adding letters so that search result is down to less than 10(?) hits, .e.g "eduid", the results are displayed, but screen readers are not notified.
A hidden but notified by screen readers of "6 Matches, please select your institution or keep typing to refine your search" would let users know that it is time to select an institution.

Show chevron on also on:focus in the list

Currently we dont show the chevron when focusing on items in the list.

Since we cannot currently rely on browsers to meet WCAG 2.2, this should also be triggered on:focus

Font colour for the SA button

In addition to configuration parameter to change the colour of the button and the background bellow the button, a configuration parameter for font colour for text presented on and bellow the button should also exist for full customisation ability. The instructions at https://thiss-js.readthedocs.io/en/latest/components.html and at https://seamlessaccess.atlassian.net/wiki/spaces/DOCUMENTAT/pages/458783/States+Styles+and+Assets should be updated accordingly.

Thanks!

The Standard button should have a mouse-over color

The Add or change institution get underlined when hovered. The button should have something similar.
The default value of the hover color should probable be the color selected for the button (blue by default). Another hover color should be configurable, used when mouse hovering the button.

node-gyp version 3.8.0 requires python 2.x

The file package-lock.json sets the node-gyp version to 3.8.0, but that is an old version of gyp that still requires python 2.x.

`make docker` refuses to build because node version is too old

 make docker
make BASE_URL='$${BASE_URL}' COMPONENT_URL='$${BASE_URL}cta/' MDQ_URL='$${MDQ_URL}' PERSISTENCE_URL='$${BASE_URL}ps/' SEARCH_URL='$${SEARCH_URL}' STORAGE_DOMAIN='$${STORAGE_DOMAIN}' LOGLEVEL='$${LOGLEVEL}' DEFAULT_CONTEXT='$${DEFAULT_CONTEXT}' WHITELIST='$${WHITELIST}' build_in_docker
make[1]: se entra en el directorio '/home/alex/OneDrive/thiss-js'
docker build -t thiss-builder:1.6.4 -f Dockerfile.build .
[+] Building 79.9s (9/10)                                                                                                                                                                
 => [internal] load .dockerignore                                                                                                                                                   0.9s
 => => transferring context: 2B                                                                                                                                                     0.0s
 => [internal] load build definition from Dockerfile.build                                                                                                                          0.7s
 => => transferring dockerfile: 184B                                                                                                                                                0.0s
 => [internal] load metadata for docker.io/library/node:12                                                                                                                          2.3s
 => [1/6] FROM docker.io/library/node:12@sha256:01627afeb110b3054ba4a1405541ca095c8bfca1cb6f2be9479c767a2711879e                                                                   43.6s
 => => resolve docker.io/library/node:12@sha256:01627afeb110b3054ba4a1405541ca095c8bfca1cb6f2be9479c767a2711879e                                                                    0.5s
 => => sha256:01627afeb110b3054ba4a1405541ca095c8bfca1cb6f2be9479c767a2711879e 776B / 776B                                                                                          0.0s
 => => sha256:3a69ea1270dbf4ef20477361be4b7a43400e559c6abdfaf69d73f7c755f434f5 2.21kB / 2.21kB                                                                                      0.0s
 => => sha256:6c8de432fc7f7d8c58899f61982d1662ec6b73fb3ef92f862ba170dcc5b64fa9 7.68kB / 7.68kB                                                                                      0.0s
 => => sha256:f44e4bdb3a6c1325cc4d40e585ed7a759127c0c87b0388ec0236b1698827d70d 4.34MB / 4.34MB                                                                                      1.2s
 => => sha256:9bed1e86f01ee95c76d2c8b4385a47ae336e6d293afade9368469d99daa9369f 11.30MB / 11.30MB                                                                                    9.3s
 => => sha256:f5196cdf25181bc7e4411865a2e002932b7b6b0ffce787c04c1bdeaf1f204f20 45.43MB / 45.43MB                                                                                    9.1s
 => => sha256:2f75d131f4060950dd6cc1f580e2fa5504ece8d692113a9cdb0a866637b397d7 49.77MB / 49.77MB                                                                                   11.8s
 => => extracting sha256:f5196cdf25181bc7e4411865a2e002932b7b6b0ffce787c04c1bdeaf1f204f20                                                                                           0.6s
 => => sha256:07dff4ad21ebdb3ce3e329699663b2f81af70152453025f6624584a39a8e22b6 214.48MB / 214.48MB                                                                                 35.2s
 => => sha256:e0ac4f13b766d321acc3b650d3d23b82828995711f6f247ff591722c00d04cec 4.19kB / 4.19kB                                                                                      9.7s
 => => sha256:df2c3b2eb7cc63351bb32f26457bbe0402af8082548f26975f0c329bc7841881 23.70MB / 23.70MB                                                                                   15.0s
 => => extracting sha256:9bed1e86f01ee95c76d2c8b4385a47ae336e6d293afade9368469d99daa9369f                                                                                           0.2s
 => => extracting sha256:f44e4bdb3a6c1325cc4d40e585ed7a759127c0c87b0388ec0236b1698827d70d                                                                                           0.1s
 => => extracting sha256:2f75d131f4060950dd6cc1f580e2fa5504ece8d692113a9cdb0a866637b397d7                                                                                           0.7s
 => => sha256:efe636eac583776a8a114d50fef15bc65b648f3d2bb53326cf1f21cc5ef2b3ae 2.34MB / 2.34MB                                                                                     12.6s
 => => sha256:fe17849545bb51455d3f7c8773ded2dbb1d6668a85bd00564573a4b88afd36f6 464B / 464B                                                                                         12.9s
 => => extracting sha256:07dff4ad21ebdb3ce3e329699663b2f81af70152453025f6624584a39a8e22b6                                                                                           2.6s
 => => extracting sha256:e0ac4f13b766d321acc3b650d3d23b82828995711f6f247ff591722c00d04cec                                                                                           0.0s
 => => extracting sha256:df2c3b2eb7cc63351bb32f26457bbe0402af8082548f26975f0c329bc7841881                                                                                           0.5s
 => => extracting sha256:efe636eac583776a8a114d50fef15bc65b648f3d2bb53326cf1f21cc5ef2b3ae                                                                                           0.1s
 => => extracting sha256:fe17849545bb51455d3f7c8773ded2dbb1d6668a85bd00564573a4b88afd36f6                                                                                           0.0s
 => [internal] load build context                                                                                                                                                   0.7s
 => => transferring context: 604.81kB                                                                                                                                               0.0s
 => [2/6] WORKDIR /usr/src/app                                                                                                                                                      0.9s
 => [3/6] COPY package*.json webpack* ./                                                                                                                                            0.8s
 => [4/6] RUN npm install -g npm webpack webpack-cli                                                                                                                               29.6s
 => ERROR [5/6] RUN npm install                                                                                                                                                     1.4s 
------                                                                                                                                                                                   
 > [5/6] RUN npm install:                                                                                                                                                                
#0 1.174 ERROR: npm v9.6.0 is known not to run on Node.js v12.22.12. You'll need to                                                                                                      
#0 1.174 upgrade to a newer Node.js version in order to use this version of npm. This                                                                                                    
#0 1.174 version of npm supports the following node versions: `^14.17.0 || ^16.13.0 ||                                                                                                   
#0 1.174 >=18.0.0`. You can find the latest version at https://nodejs.org/.                                                                                                              
#0 1.174 
#0 1.174 ERROR:
#0 1.175 /usr/local/lib/node_modules/npm/lib/utils/exit-handler.js:21
#0 1.175   const hasLoadedNpm = npm?.config.loaded
#0 1.175                            ^
#0 1.175 
#0 1.175 SyntaxError: Unexpected token '.'
#0 1.175     at wrapSafe (internal/modules/cjs/loader.js:915:16)
#0 1.175     at Module._compile (internal/modules/cjs/loader.js:963:27)
#0 1.175     at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
#0 1.175     at Module.load (internal/modules/cjs/loader.js:863:32)
#0 1.175     at Function.Module._load (internal/modules/cjs/loader.js:708:14)
#0 1.175     at Module.require (internal/modules/cjs/loader.js:887:19)
#0 1.175     at require (internal/modules/cjs/helpers.js:74:18)
#0 1.175     at module.exports (/usr/local/lib/node_modules/npm/lib/cli.js:81:23)
#0 1.175     at Object.<anonymous> (/usr/local/lib/node_modules/npm/bin/npm-cli.js:2:25)
#0 1.175     at Module._compile (internal/modules/cjs/loader.js:999:30)
------
Dockerfile.build:5
--------------------
   3 |     COPY package*.json webpack* ./
   4 |     RUN npm install -g npm webpack webpack-cli
   5 | >>> RUN npm install
   6 |     COPY src ./src
   7 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c npm install" did not complete successfully: exit code: 1
make[1]: *** [Makefile:77: thiss_builder] Error 1
make[1]: se sale del directorio '/home/alex/OneDrive/thiss-js'
make: *** [Makefile:50: standalone_in_docker] Error 2

Hide button image from screen readers

The image in the Standard button is missing an alt attribute, and is also missing aria-hidden=true, this make screen readers notify users of the image.
This results in screen readers notifying users of the button which in unnecissary.
Resolved by #217.
Other images at the discovery service may have similar issues.

Re-work the focus settings of the Standard button

The Standard button gets a thin, black border when focused (using tab, not mouse-over). This does not pass AA compliance.
The border needs to be thicker, and the color needs to be configurable.

Security improvements - Sandbox & Iframe attribute

Some suggested security improvements:

Sandbox attribute
Sandboxing an iframe is a powerful technique for reducing the risk that a clever attacker will be able to exploit holes in each sites code and is also suggested by OWASP: https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#sandboxed-frames
CSP and CSP Iframe attribute
As suggested in https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP Content-Security-Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. And then in turn the iframe can mandate the underlying site obeys these CSP attributes

selecting >3 items in the DS causes crash

(reported by Andras Graal)

Add aria-labelledby to Find Your Institution

Find Your Institution and Choose Your Institution should have the attribute aria-labelledby (or some more useful attribute) so that screen readers know the important thing to notify the user of on page load and when selecting the searchinput search field.

Security improvement - Integrity check

Hi, in addition to my other security ticket related to this repos, could we also request you add an integrity check similar to:

With the scripts being loaded in an iframe and then fetched by the browser, the integrity check would give another layer of security that the script has not been tampered with (even though it does come from the seamlessaccess domain)

Many thanks

i18n

This issue is a placeholder for discussing requirements for internationalization for thiss-js and related software.

show version https://service.seamlessaccess.org/thiss.js

@leifj can you please include the thiss-js version in the URL, https://service.seamlessaccess.org/thiss.js?

Support for using multiple IdPs concurrently

In the WAYF.dk federation it is quite common for our users to use at least two IdPs for different services. Typically one of the IdPs is the Danish government IdP (NemLog-in) and the other an institutional IdP. The main reason for the daily use of NemLog-in (in addition to the occasional use of it for institutional id booting and password reset) is that quite often the institutions student information systems and their identity management systems are not integrated, so our national id number (cpr) is used in the SIS and are provisioned as the primary key in SIS data to internal and external systems. Thus the users are able/forced to log in using NemLog-in which provides cpr.

We therefore currently keep SP/IdP pairs in our persistence layer and have built our RA21 button support on top of that. This allows us to present a SP specific IdP on the button. We would like to use the seamless.org persistence layer eventually, but we need support for this use case.

In the current implementation of thiss.js our users will experience a lot of flip-flop as the button (depending on the algorithm for selecting the IdP) always shows the last used IdP?

We have an additional challenge in that our entities can belong to multiple tagged sub-federations and they are only allowed to communicate if the intersection of the SP's and IdP's tags are not empty. Our current discoveryservice checks for that - it knows the SP - and doesn't show irrelevant IdP apart from previously choosen IdP which are marked as irrelevant.

As thiss.js uses a self-declared "RequestInitiator" (loginInitiatorURL) it doesn't actually know the SP
and even if it did this check would potentially require a metadata lookup if the SP metadata wasn't cached and I understand that might be to heavy for the button.

Using the SP entityID as a parameter to the button would require that the loginInitiatorURL could be validated in SP metadata to prevent leaking IdP information so this seems out of the question as well.

However I have an early version (not based on thiss code!) running that uses the same list of IdPs as thiss.js, but in addition keeps a map of loginInitiatorURLs to IdP entityIDs pairs.

A pair is added to the map for every used loginInitiatorURL/IdP pair and if an IdP is removed from the DS all pairs with that IdP is deleted as well.

Although not fully tested yet it seems to fulfill our reqirements without adding too much complexity to thiss.js?

Indicate unable to verify returning site

Seamless access in some cases will not know if users are send back to an "approved" URL.

SP's are requested to publish the allowed URLs a discovery service can send responses back to, however they are not required to do so - and thus it happens that we cannot verify. Given that this poses a security risk, we need to signal this to users.

We see three scenario's:

DiscoveryResponse info and the return URL is among them; UI should indicate that all is good;
DiscoveryResponse info and the return URL is not among them; UI should indicate that not all is good
DiscoveryResponse info and the return URL is not among them; UI should indicate that user should check themselves.

Given that we should not indicate that all is good, 1) is covered by our current flow.

For scenario 2/3 we will send the same message, the fact that we cannot identify return path from the origin.

The Continue button will send them back to the previous interaction/page.

`make setup` fails on Mac

Here are my logs from make setup:

[...]
8835 timing build:link:node_modules/nyc/node_modules/semver Completed in 11ms
8836 timing build:link:node_modules/nyc/node_modules/which Completed in 11ms
8837 timing build:link:node_modules/recast/node_modules/esprima Completed in 11ms
8838 timing build:link:node_modules/url-loader/node_modules/mime Completed in 11ms
8839 timing build:link:node_modules/webpack/node_modules/json5 Completed in 11ms
8840 timing build:link Completed in 17ms
8841 info run [email protected] install node_modules/fibers node build.js || nodejs build.js
8842 info run [email protected] install node_modules/node-sass node scripts/install.js
8843 info run [email protected] install node_modules/favicons/node_modules/sharp (node install/libvips && node install/dll-copy && prebuild-install) || (node-gyp rebuild && node install/dll-copy)
8844 info run [email protected] install node_modules/watchpack-chokidar2/node_modules/fsevents node install.js
8845 info run [email protected] install node_modules/webpack-dev-server/node_modules/fsevents node install.js
8846 info run [email protected] install { code: 0, signal: null }
8847 timing build:run:install:node_modules/node-sass Completed in 815ms
8848 info run [email protected] install { code: 0, signal: null }
8849 timing build:run:install:node_modules/watchpack-chokidar2/node_modules/fsevents Completed in 1212ms
8850 info run [email protected] install { code: 0, signal: null }
8851 timing build:run:install:node_modules/webpack-dev-server/node_modules/fsevents Completed in 1210ms
8852 info run [email protected] install { code: 127, signal: null }
8853 info run [email protected] install { code: 1, signal: null }
8854 warn cleanup Failed to remove some directories [
8854 warn cleanup   [
8854 warn cleanup     '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/favicons/node_modules/sharp',
8854 warn cleanup     [Error: ENOTEMPTY: directory not empty, rmdir '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/favicons/node_modules/sharp'] {
8854 warn cleanup       errno: -66,
8854 warn cleanup       code: 'ENOTEMPTY',
8854 warn cleanup       syscall: 'rmdir',
8854 warn cleanup       path: '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/favicons/node_modules/sharp'
8854 warn cleanup     }
8854 warn cleanup   ]
8854 warn cleanup ]
8855 timing reify:rollback:createSparse Completed in 5099ms
8856 timing reify:rollback:retireShallow Completed in 1ms
8857 timing command:install Completed in 178703ms
8858 verbose stack Error: command failed
8858 verbose stack     at ChildProcess.<anonymous> (/Users/michiel/.volta/tools/image/node/20.11.0/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/lib/index.js:53:27)
8858 verbose stack     at ChildProcess.emit (node:events:518:28)
8858 verbose stack     at maybeClose (node:internal/child_process:1105:16)
8858 verbose stack     at Socket.<anonymous> (node:internal/child_process:457:11)
8858 verbose stack     at Socket.emit (node:events:518:28)
8858 verbose stack     at Pipe.<anonymous> (node:net:337:12)
8859 verbose pkgid [email protected]
8860 verbose cwd /Users/michiel/gh/TheIdentitySelector/thiss-js
8861 verbose Darwin 23.4.0
8862 verbose node v20.11.0
8863 verbose npm  v10.2.4
8864 error code 127
8865 error path /Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/fibers
8866 error command failed
8867 error command sh -c node build.js || nodejs build.js
8868 error gyp info it worked if it ends with ok
8868 error gyp info using [email protected]
8868 error gyp info using [email protected] | darwin | x64
8868 error gyp info spawn /Users/michiel/.pyenv/shims/python2
8868 error gyp info spawn args [
8868 error gyp info spawn args   '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/gyp_main.py',
8868 error gyp info spawn args   'binding.gyp',
8868 error gyp info spawn args   '-f',
8868 error gyp info spawn args   'make',
8868 error gyp info spawn args   '-I',
8868 error gyp info spawn args   '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/fibers/build/config.gypi',
8868 error gyp info spawn args   '-I',
8868 error gyp info spawn args   '/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/addon.gypi',
8868 error gyp info spawn args   '-I',
8868 error gyp info spawn args   '/Users/michiel/.node-gyp/20.11.0/include/node/common.gypi',
8868 error gyp info spawn args   '-Dlibrary=shared_library',
8868 error gyp info spawn args   '-Dvisibility=default',
8868 error gyp info spawn args   '-Dnode_root_dir=/Users/michiel/.node-gyp/20.11.0',
8868 error gyp info spawn args   '-Dnode_gyp_dir=/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp',
8868 error gyp info spawn args   '-Dnode_lib_file=/Users/michiel/.node-gyp/20.11.0/<(target_arch)/node.lib',
8868 error gyp info spawn args   '-Dmodule_root_dir=/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/fibers',
8868 error gyp info spawn args   '-Dnode_engine=v8',
8868 error gyp info spawn args   '--depth=.',
8868 error gyp info spawn args   '--no-parallel',
8868 error gyp info spawn args   '--generator-output',
8868 error gyp info spawn args   'build',
8868 error gyp info spawn args   '-Goutput_dir=.'
8868 error gyp info spawn args ]
8868 error Traceback (most recent call last):
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/gyp_main.py", line 16, in <module>
8868 error     sys.exit(gyp.script_main())
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 545, in script_main
8868 error     return main(sys.argv[1:])
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 538, in main
8868 error     return gyp_main(args)
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 514, in gyp_main
8868 error     options.duplicate_basename_check)
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/__init__.py", line 130, in Load
8868 error     params['parallel'], params['root_targets'])
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 2783, in Load
8868 error     variables, includes, depth, check, True)
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 399, in LoadTargetBuildFile
8868 error     includes, True, check)
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 271, in LoadOneBuildFile
8868 error     aux_data, includes, check)
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 308, in LoadBuildFileIncludesIntoDict
8868 error     LoadOneBuildFile(include, data, aux_data, None, False, check),
8868 error   File "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/gyp/pylib/gyp/input.py", line 251, in LoadOneBuildFile
8868 error     None)
8868 error   File "/Users/michiel/.node-gyp/20.11.0/include/node/common.gypi", line 1
8868 error     incremental linking
8868 error                       ^
8868 error SyntaxError: invalid syntax
8868 error gyp ERR! configure error 
8868 error gyp ERR! stack Error: `gyp` failed with exit code: 1
8868 error gyp ERR! stack     at ChildProcess.onCpExit (/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/node-gyp/lib/configure.js:345:16)
8868 error gyp ERR! stack     at ChildProcess.emit (node:events:518:28)
8868 error gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:294:12)
8868 error gyp ERR! System Darwin 23.4.0
8868 error gyp ERR! command "/Users/michiel/.volta/tools/image/node/20.11.0/bin/node" "/Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/.bin/node-gyp" "rebuild" "--release"
8868 error gyp ERR! cwd /Users/michiel/gh/TheIdentitySelector/thiss-js/node_modules/fibers
8868 error gyp ERR! node -v v20.11.0
8868 error gyp ERR! node-gyp -v v3.8.0
8868 error gyp ERR! not ok 
8868 error node-gyp exited with code: 1
8868 error Please make sure you are using a supported platform and node version. If you
8868 error would like to compile fibers on this machine please make sure you have setup your
8868 error build environment--
8868 error Windows + OS X instructions here: https://github.com/nodejs/node-gyp
8868 error Ubuntu users please run: `sudo apt-get install g++ build-essential`
8868 error RHEL users please run: `yum install gcc-c++` and `yum groupinstall 'Development Tools'` 
8868 error Alpine users please run: `sudo apk add python make g++`
8868 error sh: nodejs: command not found
8869 verbose exit 127
8870 timing npm Completed in 178888ms
8871 verbose unfinished npm timer reify 1712897235808
8872 verbose unfinished npm timer reify:build 1712897408122
8873 verbose unfinished npm timer build 1712897408125
8874 verbose unfinished npm timer build:deps 1712897408125
8875 verbose unfinished npm timer build:run:install 1712897408172
8876 verbose unfinished npm timer build:run:install:node_modules/fibers 1712897408172
8877 verbose unfinished npm timer build:run:install:node_modules/favicons/node_modules/sharp 1712897408192
8878 verbose code 127
8879 error A complete log of this run can be found in: /Users/michiel/.npm/_logs/2024-04-12T04_47_15_623Z-debug-0.log

I'm trying to work out what the underlying error is, seems to be related to the fibers package.

Contenthash in filenamse

We should add [contenthash] to filenames generated by webpack to ensure new builds are downloaded by clients.

add a method to remove all entries for a context in PersistenceService

PersistenceService.clear(context) should remove all entries for a context.

Docker images of recent versions missing

The documentation refers to docker images at docker.sunet.se/thiss-js.

Only a specific assortment of versions is available in the docker registry:

root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.1.1
1.1.1: Pulling from thiss-js
5893bf6f34bb: Pull complete 
40a5eb7ce23e: Pull complete 
cfade15811c0: Pull complete 
de51ec46f0c9: Pull complete 
8532c9abc7d8: Pull complete 
Digest: sha256:d230ac6f8072e55f2fa2ded6db9be569d53e5514dc20dfe85c6b5317f5f3ce90
Status: Downloaded newer image for docker.sunet.se/thiss-js:1.1.1
docker.sunet.se/thiss-js:1.1.1
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.1.3
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.1.3 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.2.0.
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.2.0. not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.2.0
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.2.0 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.2.1
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.2.1 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.3.0
1.3.0: Pulling from thiss-js
1c2ec57f6e80: Pull complete 
c3b14ea1cf44: Pull complete 
2f78e87ad565: Pull complete 
a5cf6dec717e: Pull complete 
311560a9a85f: Pull complete 
Digest: sha256:97d2eaefca518f540834e8a729a67e59b3cf3040e46df0f15af433493448a7d1
Status: Downloaded newer image for docker.sunet.se/thiss-js:1.3.0
docker.sunet.se/thiss-js:1.3.0
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.3.1
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.3.1 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.3.2
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.3.2 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.4.0
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.4.0 not found: manifest unknown: manifest unknown
root@auth:/srv/ppa_satosa# docker pull docker.sunet.se/thiss-js:1.4.1
Error response from daemon: manifest for docker.sunet.se/thiss-js:1.4.1 not found: manifest unknown: manifest unknown

There should be a process that ensures these images are built whenever a new release is made.

Alternatively, documentation should be updated to clearly state that these images should not be used, because they are not maintained.

Maybe 1.3.0 also is the latest version that should be used, although the latest tag seems to refer to yet another build...

Missing @font-face

Issue: CSS is missing @font-face that should point font to Libre Franklin, rendered font defaults to computer default.

Solution: Add @font-face to css that points to correct font files.

mdq_browser problems

The mdq_browser provided in the documentation "all in one" solution, is causing problems in its execution, it ends up not recognizing the pyff entities route, and therefore, it does not render any information, and its api is unavailable. To solve the problems, the mdq was not used, for this, the following approach was adopted:

image: docker.sunet.se/thiss-js:1.6.2
container_name: thiss
ports:
- "80:80"
environment:
- MDQ_URL=http://fqdn:8080/metadata/
- BASE_URL=http://fqdn/
- STORAGE_DOMAIN=domain/
- SEARCH_URL=http://fqdn:8080/role/idp.s
volumes:
- ./debug/thiss/dist:/dist

In FQDN:8080 is the functional pyff, using the generated Docker build of pyff individually. The pyff docker configuration is in the same file as thiss (docker-compose) and looks like this:

pyff:
build: ../docker-pyff/.
ports:
- "8080:8080"
container_name: pyff-api

Returning to the context of thiss, the dist directory was mapped, so that it was possible to change (in code) the following files: thiss.js and vendors~~cta~~ds~index_7330c2dc291c19a00908.js. The change is related to the thiss search pattern, which was changed from "=?q" to "?query=" so that the "SEARCH_URL" route could be used.
The application is functional, however it does not use MDQ, which creates complications in the process of adding new metadata to pyff (since it provides the necessary APIs). Given this context, what would be the best solution for this case? Are there more up-to-date images regarding MDQ? Are there other settings needed?

theidentityselector / thiss-js Goto Github PK

thiss-js's People

Contributors

Stargazers

Watchers

Forkers

thiss-js's Issues

. The examples are not headers, code them as something else to not confuse screen readers.

Recommend Projects

Recommend Topics

Recommend Org

.
The examples are not headers, code them as something else to not confuse screen readers.