appirio-tech / accounts-app
accounts.topcoder.com
We are currently using this in two of our apps - https://github.com/topcoder-platform/Lauscher and https://github.com/topcoder-platform/vorbote where both apps have built the ui using reactjs.
While this module works fine during development, when the app is built, we get the following build error:
> react-scripts build
Creating an optimized production build...
Failed to compile.
Failed to minify the code from this file:
./node_modules/tc-accounts/connector/connector-wrapper.js:4
Read more here: http://bit.ly/2tRViJ9
cc @cwdcwd
In the skill picker page, after activation of an account please detail the Cognitive option to On.
We need to streamline the SSO login and registration flows. Here is how we should handle it:
SSO login and registration should be a single form. Currently it is 2 separate forms. So, we should just have a "Login with SSO" form.
If a user attempts to login with sso and they don't have an account, we should automatically create a topcoder account for them. This will mimic the registration form in terms of creating the user, but the user should not have to enter any info.
- We should get the info from their sso provider.
- We should generate a handle for them using first name and last initial. We'll need logic to make sure we produce unique handles, abide by the character constraints, and 15 char max.
- Users should be auto activated.
- No activation email should be sent. Only the welcome email.
NOTE:
If the full automation is more than a couple days of work, then let's come up with an incremental solution. For example, we could still reduce it to a single sso login form but instead of fully creating the user record we could still return the user to our registration form (without the social login options) with as much info populated as possible. And then the user would still have to submit the form.
Case 1. If a user has two accounts with the same email address, from which one is active and other is inactive and tries to reset the password.
Expected solution: In case 1, reset password functionality should associate the password with the active account.
Case 2: If there are more than 2 active accounts of a user with the same email and a user tries to reset the password.
Expected solution: In case 2, reset password functionality should throw an error.
Currently it's hard coded, so having different names on dev and prod is difficult.
Solution: Let's move this connection name to an environment variable.
Describe.
The connect app should support the segment 4.1.0 javascript app to support user consent (below).
<script>
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware"];analytics.factory=function(e){return function(){var t=Array.prototype.slice.call(arguments);t.unshift(e);analytics.push(t);return analytics}};for(var e=0;e<analytics.methods.length;e++){var t=analytics.methods[e];analytics[t]=analytics.factory(t)}analytics.load=function(e,t){var n=document.createElement("script");n.type="text/javascript";n.async=!0;n.src="https://cdn.segment.com/analytics.js/v1/"+e+"/analytics.min.js";var a=document.getElementsByTagName("script")[0];a.parentNode.insertBefore(n,a);analytics._loadOptions=t};analytics.SNIPPET_VERSION="4.1.0";
analytics.load("bkPtWMUMTYDhww2zsJluzxtdhtmSsyd9");
analytics.page();
}}();
</script>
Additionally,
The following process should be followed to implement consent manager
https://github.com/segmentio/consent-manager#standalone-script
Specifically:
Describe.
The current app is version 4.0.0.
Load any page.
The same message, "Thanks for joining Topcoder.", is being rendered for both SSO and non-SSO users after successful registration.
Hi Team,
I am facing Usability Issue, LOG IN TO TOPCODER page linking to the standard login page.
I have attached screen shot for reference. Please Check.
Join_Now_Login_Usability_Issue.docx
Thanks!
Deepak Anbarasan
Would be useful for warning and informational messages
I have already asked about it in some channels on Slack, but as it did not result in any changes, I open this ticket here :)
Right now, when authentication is handled by the accounts connector, Topcoder auth token v2 is written into the tcjwt cookie, under the topcoder.com / topcoder-dev.com domains, but auth token v3 is written into the v3jwt cookie under the accounts.topcoder.com / accounts.topcoder-dev.com domains. As a result, when the user of the connector sends a request to the server (from its own subdomain of topcoder.com), only the tcjwt cookie is sent along with the request, while v3jwt is not (because it is explicitly set for a different subdomain). Can we ensure that the v3jwt cookie is set for the topcoder.com / topcoder-dev.com domains as well?
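The cookie scoping behaviour described in the issue above, as an added example that is not part of the original issue or the accounts-app code base. It applies the RFC 6265 domain-match rule to a constructed cookie jar; the host name app.topcoder.com is a hypothetical sibling subdomain used for illustration.

```javascript
// Added example: RFC 6265 section 5.1.3 domain matching for the two cookies
// named in the issue. Only the Domain attribute is modelled here.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// True when a cookie with Domain=cookieDomain is sent to `host`.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  // A suffix match needs a label boundary and never applies to IP literals.
  return !isIpLiteral(h) && h.endsWith('.' + d);
}

function cookiesSentTo(host, jar) {
  return jar.filter(c => domainMatches(host, c.domain)).map(c => c.name);
}

// Constructed jar mirroring the current behaviour described in the issue.
const currentJar = [
  { name: 'tcjwt', domain: 'topcoder.com' },
  { name: 'v3jwt', domain: 'accounts.topcoder.com' },
];

// The change the issue asks for: v3jwt scoped to the parent domain.
// Trade-off to weigh: every subdomain of topcoder.com then receives the
// v3 token, so each of those hosts becomes part of its exposure surface.
const proposedJar = currentJar.map(c =>
  c.name === 'v3jwt' ? { ...c, domain: 'topcoder.com' } : c
);

console.log(cookiesSentTo('app.topcoder.com', currentJar));      // sibling subdomain (hypothetical)
console.log(cookiesSentTo('accounts.topcoder.com', currentJar)); // the accounts host itself
console.log(cookiesSentTo('app.topcoder.com', proposedJar));     // after the proposed change
```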
From @deepakanbarasan1 on March 8, 2018 13:23
Describe.
Topcoder member should login successfully in Microsoft Edge 38 and Internet Explorer: 11.
Describe.
Topcoder member is not able to login successfully in Microsoft Edge 38 and Internet Explorer: 11.
Note: Topcoder member able to login successfully in Microsoft Edge 40.15063.674.0
Copied from original issue: appirio-tech/connect-app#1860
New member registration via Google OAuth is not working.
New Sign up page
https://accounts.topcoder.com/member/registration
// This function is throwing error. the identities array is empty in auth.js
function extractSocialUserData(profile, accessToken) {
var socialProvider = profile.identities[0].connection;
}
When using our login page in Chrome on an iPhone the login button is not active.
In efforts to have single login/registration pages and having progressive registration implemented in Projects app(Connect), we should now remove the Projects app specific pages from accounts app.
As a user, I can ask TC to resend the activation email.
Right now, we hard code the retUrl and afterActivationURL in the accounts app. This means that the user is always sent back to the main my-dashboard page. This doesn't work well for situations when the user is starting on another site/page, like cognitive.topcoder.com and we want to keep them on that site.
Let's add support for the following:
After the user registers, return them to the page they came from. We should be able to support this if we make the retUrl work on the register links. For example, https://accounts.topcoder.com/member/registration?retURL=https://cognitive.topcoder.com would return to https://cognitive.topcoder.com after the registration form was submitted.
When the user activates their account, direct them back to a specified URL. I see the /users api supports an "afterActivationURL" param that handles this. However, the accounts app does not support this. The requirement is to have the activation link in the activation email include a custom retUrl. For example, https://api.topcoder.com/pub/activation.html?code=123KJHH&retUrl=https://cognitive.topcoder.com
https://topcoder.atlassian.net/browse/VULN-1981
and
https://topcoder.atlassian.net/browse/VULN-1547
1547 is fixed on the api side, but the access mechanism is still broken.
Over the last few releases, we have been observing multiple instances of the following error in the console. Though they do not seem to do any significant harm right now, it is better to handle it by identifying the root cause and fixing it.
app.c20966f….js:sourcemap:438 Error: transition prevented
    at L [as $get] (app.c20966f….js:sourcemap:23)
    at Object.a [as invoke] (app.c20966f….js:sourcemap:436)
    at app.c20966f….js:sourcemap:436
    at n (app.c20966f….js:sourcemap:436)
    at r (app.c20966f….js:sourcemap:436)
    at Object.a [as invoke] (app.c20966f….js:sourcemap:436)
    at app.c20966f….js:sourcemap:436
    at c (app.c20966f….js:sourcemap:436)
    at le (app.c20966f….js:sourcemap:436)
    at a (app.c20966f….js:sourcemap:436)
"Possibly unhandled rejection: {}"
User is not able to Register using Github Login.
Browser Information:
User record is found in Auth0, but no information was populated in the Registration Form.
This is not an issue
Added new labels for qa-accessibility project
Steps to reproduce this issue are:
Please check and fix the issue.
Steps to reproduce -
Notice that though we provided retUrl during registration still the activation URL is redirecting to Connect Home page instead of specific project's page.
Fyi - @mtwomey
ref - https://github.com/appirio-tech/accounts-app/blob/dev/app/scripts/tc/register.controller.js#L170
Currently, we're only handling wipro adfs from the front end. We need to support any sso provider that we have configured.
Based on the domain, the appropriate sso provider should be used. If this will take more than a day, let's start by enabling wipro adfs as well as our sfdc.
If a user attempts to register a new account with a wipro.com email address, we should force them into the SSO login/reg flow and prevent them from creating a non-sso account with a wipro.com address.
We should implement this generically so that we can support other sso domains too. For wipro's case, we want to mandate it. For other sso providers, it might be optional. We should have some kind of setting on the sso_provider that will allow us to generically check if we should force them to the sso flow for a given provider/domain.
It has been reported by our security software that this domain doesn't include CSP in its response headers. Though this domain, accounts.topcoder.com, is not in use any more and just redirects to the new login page, I am still creating this issue to keep track; it could be resolved once we remove the entry for this domain from Route53.
For more details follow here https://topcoder.atlassian.net/browse/VULN-1938
As of now, we are making the SFDC lead creation call only when the call to the member trait creation is successful, which is causing data to be missing for some users in SFDC when the member trait creation fails, and we lose the data from both places.
We should be calling both APIs in parallel so that we can have better chances of data being ingested in one of the systems.
fyi @fnisen @vic-topcoder
isUrl returns false for http://localhost:3000 and validateUrl returns false for http://127.0.0.1:3000/. This makes running locally more cumbersome, because the callbacks after logging in do not work properly.
I suggest updating to allow these.
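One way to accept loopback return URLs for local development without loosening the production check, covering both the retUrl support requested earlier on this page and the localhost issue above. This is an added example, not the project's isUrl or validateUrl; the function name, the allowLoopback option and the https-only rule are assumptions.

```javascript
// Added example: allow-list check for a return URL (retUrl).
// Hypothetical helper; the real isUrl/validateUrl in accounts-app are not shown on this page.

const ALLOWED_DOMAINS = ['topcoder.com', 'topcoder-dev.com']; // domains named on this page
const LOOPBACK_HOSTS = ['localhost', '127.0.0.1'];            // the two hosts from the issue

function isAllowedReturnUrl(raw, { allowLoopback = false } = {}) {
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative or malformed input throws
  } catch (e) {
    return false;
  }

  // Reject embedded credentials: the text before "@" is not the host.
  if (url.username || url.password) return false;

  const host = url.hostname.toLowerCase();

  if (LOOPBACK_HOSTS.includes(host)) {
    // Loopback is accepted only when the caller opts in (a dev build, for example).
    return allowLoopback && (url.protocol === 'http:' || url.protocol === 'https:');
  }

  // Assumption: production return URLs must use https.
  if (url.protocol !== 'https:') return false;

  // Exact domain or a subdomain on a label boundary, never a bare suffix.
  return ALLOWED_DOMAINS.some(d => host === d || host.endsWith('.' + d));
}

console.log(isAllowedReturnUrl('https://cognitive.topcoder.com'));                  // URL from this page
console.log(isAllowedReturnUrl('http://localhost:3000'));                           // production setting
console.log(isAllowedReturnUrl('http://localhost:3000', { allowLoopback: true }));  // dev setting
```

Keeping allowLoopback off by default means a production build never treats a loopback address as a valid redirect target.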
Created as reference - Pls refer topcoder-platform/community-app#4307 for details.
As of now user can enter phone number in a format which is not acceptable by the member api (trait endpoint) which causes the api to fail while trying to create user trait.
Request:
Response:
In this particular example, I guess, the issue is missing + as prefix of the business phone string.
Ideally, our front end validation should have prevented user entering such value or automatically append the +.