Facebook page popup is blocked. Add button?

Description

We've messed with the tests a bunch as we were setting up our staging environment. They are currently failing. We need to get them back up as well as write better tests.

Tips

• Investigate failures here: https://travis-ci.org/codeforamerica/bizfriendly-api
• Travis settings are at: https://github.com/codeforamerica/bizfriendly-api/settings/hooks

Description

We should save certain attributes for use outside of the lessons. ie URL of Facebook pages.

Files

bizfriendly/models.py

Description

Setup a staging environment on heroku, similar to production. Setup Travis CI to automatically deploy to staging environment on a successful build.

Files

.travis.yml
test.py

Skills Needed

Python, Heroku, Travis

Tips

• Heroku multiple environment deploys
• Travis CI deployments. blog post about deploying from travis

Description

Right now for certain steps we need to remember certain data for later. I set up a temp database to handle that. I'm sure its not the right way to do it. What do you think? Should we create a user object and add it to that? Should it just be saved in memory?

Files

howtocity/init.py

Skills Needed

Python, Postgres

Tips

• Ask smart people what to do.

Description

We are checking the service endpoints once a second, until sixty seconds pass when we return a timeout. The request will just repeat though. We need to add progressive timeouts, so that the second time the request comes in, we only check every five seconds. Next time we check every thirty seconds. All incase the user walks away.

Files

howtocity/init.py

Skills Needed

Python

Tips

• Figure out all the edge cases about api request timing.
• Should probably add a 'Are you there?' modal to the frontend.

I'm going to need all the help I can get on How to City. To encourage others to help out in their spare time, I need to the README to really grab them and hold their hands.

More jokes, more clear instructions, more big picture why its important.

Description

Our tests include creating Test Users. For security reasons, I don't allow deleting of the users from tests. We need a cron job that deletes users with the name Test User every night.

DELETE FROM bf_user WHERE name = 'Test User';

We need to have an initial set of experiences and skills we want to teach.

Description

For proper handover, BizFriend.ly needs to be fully documented.

• Research best documentation tools
• Describe high level purpose of each section
• Function level documentation

Description

Trello has a slightly different api. We'll need to handle it within our steps types code.

Tips

https://trello.com/docs/api/member/index.html#get-1-members-idmember-or-username-boards

Description

We need to refactor all of the endpoints used in the lesson steps. They are currently pretty specific to the lesson they were first coded for. For example, the check_for_new
endpoint does three different things. It first checks for a new addition to a specific api resource. Then it saves that to a temp db table, then returns two additional resource endpoints for use in the feedback. Those should be three different functions.

I don't yet know how to chain them together though. Through three different javascript calls? Should those flags be contained in the step information? Multiple step types at once?

Skills Needed

Python, Flask, API design

Description

Each request to our backend endpoints should have two responses:

1. An expected response.
2. A timeout response.

Files

howtocity/init.py

Skills Needed

Python, Flask, Hanging get technique

Tips

• Research hanging get / long polling best practices.
• Pick the best time out technique.
• Review each endpoint to make sure it offers these two responses.

We need a way to nicely add content to our site. A simple form should do the trick. It would be really cool to start on the prototype of a lesson builder. Maybe keep triggers out of it for now.

Description

We are sending plaintext passwords from our website to our server for encryption. We need to send them via HTTPS or we are doing it wrong.

We need to buy an SSL cert first. Do we have an account with someone?

Extended instructions here: https://devcenter.heroku.com/articles/ssl-endpoint

Tips

• Purchase an SSL certificate from your SSL provider.
• Provision an SSL Endpoint from Heroku https://addons.heroku.com/ssl
• Upload the cert to Heroku
• Update your DNS settings to reference the new SSL Endpoint URL http://register.ly/

Description

We power our whole service off an API. The database schema we use is still under development. I'm sick of having to retype everything every time I update it! A database migration manager will help retain data whenever we make amendments to the schema.

Skills Needed

Postgres, Python, Flask, DBA

Tips

• Alembic is the recommended tool for our Flask app.

Remove old code version from the repo

howtocity/init.py
howtocity/

Details

The check for new step is now broken for Facebook and Trello. Something in the Foursquare Tips fix broke it.

To replicate.

Go through the Facebook and Trello lessons. When creating a FB page or a new Trello board, we get an error. When you go to the next step, then back to the check for new step, the correct feedback shows up.

To Fix

• Write tests for every step type.
• Review that Foursquare commit for new errrors.

Description

We use OAuth.io for our auth. Here is the list of services they provide access to. https://oauth.io/api/providers

Add a list of interactive lessons to the Documentation.

Description

Need to give quick response to created content.

We need to email a link thanking them for their contribution as well as show their services and skills on the profile page.

Files

bizfriendly/routes.py

Examples

• Add on to the new_content_email route to also email the creator.
• Show services and skills on profile.html

Description

We need to properly implement CORS. Right now its wide open.

Files

howtocity/init.py

Skills Needed

Flask, Security, API Design

Tips

• Review CORS best practices.

Description

We need to take regular database backups. Once a week is good.

Skills Needed

Heroku, Postgres

Tips

• Heroku does daily backups, but only keeps the last week. https://addons.heroku.com/pgbackups
• We need to set up scripted manual weekly backups. https://devcenter.heroku.com/articles/pgbackups
• Put these backups up on s3.

Description

We need to handle many different OAuth implementations through our API. I envision having a standard endpoint such as howtocity.org/foursquare/login or howtocity.org/expensify/login Hitting this endpoint will run the user through the appropriate login process. It should return an access token that can be appended to each API call to that service. Refer to OAuth.io to see an example of how we are currently handling OAuth on the front end.

Skills Needed

Python, Flask, OAuth, API Design

Tips

• Flask-OAuth is the best place to start.
• Create howtocityAPI/foursquare/login endpoint for each service
• Should have a small popup on the front end.
• Response should be an access_token string.

Description

@ycombinator suggest that all incoming authentication request need to include a realm attribute.

Files

js/BfUser.js
bizfriendly/init.py

Tips

• Review http://en.wikipedia.org/wiki/Basic_access_authentication
• Add the correct header to _tokenPost on frontend
• Require the realm attribute on all incoming auth requests.

Front page > Learn, Teach, Community > Lessons, Lesson builders, Forums

Redo this lesson with correct object oriented architecture.

The create-just-user-model branch #29 has some code commented out in function "record_step" that comes close to this, but the db models aren't quite right.

http://docs.sqlalchemy.org/en/rel_0_8/orm/relationships.html
This explains how to set up the relationships. We want to track what steps of what lessons users are on.

There were a few of these services discussed on Hacker News. I need to try them out and see if they will fit our needs.

http://oauth.io/
https://foauth.org/
https://www.dailycred.com/

Description

Our admin login page is ugly! Let's make it look like the rest of the admin page at least.

Files

bizfriendly/templates/login.html

Tips

• Review flask-login docs https://flask-login.readthedocs.org/en/latest/
• Use bootstrap to mimic existing admin page

Description

Every request to our API should generate a log entry. Any errors generated should create an entry as well.

Files

logs/requests.log logs/error.log

Skills Needed

Python, Logging

Tips

• Review Flask's built in logging. http://flask.pocoo.org/docs/errorhandling/
• Write every request we receive to a file.
• Write all errors generated to a file.

The user table name is listed as bf_user but should be htc_user.

Details

We need to add validation and sanitation to the sign up form. Works in tandem with #47

Use regex to validate email and prevent against bad SQL attacks.

Tips

• Add sanitation on the backend to prevent SQL injection.

Travis CI fails now that we've attached a database. Need to figure out the proper config setup.
http://about.travis-ci.org/docs/user/database-setup/

Description

Do a pass of all the endpoints to ensure they have the correct headers, content-type, etc.

Skills Needed

REST API Design

Tips

• Content type for responses should be application/json
• Request headers from front end should be ???

I need to be notified when an API changes. There must be a servie out there that does this for me.

Description

Our lessons have gotten a professional once over via the talented @SheilaLDugan. To support this great content, we need to add new attributes to the Lesson class.

Files

howtocity/init.py

Skills Needed

Python, Alembic, Postgres

New Columns to Add

• Short Description
• Long Description
• Time
• Difficulty
• Additional Resources
• Warnings

Certain Foursqaure links open up in the parent window. This hides both the foursquare popup and our instructions. :(

We have a very simple status report that we'd like for Bizfriendly to publish, that will allow us to observe the app and know if anything has gone wrong.

Add a new URL to the site, here:
/.well-known/status

…and have it respond with a JSON structure that looks like this:

    {
            "status": "ok",
            "updated": 1380064049,
            "dependencies": [ ],
            "resources": { }
    }

Status "ok" should be representative, so if (for example) the project has a database attached, "ok" should mean that the database connection has been checked. We don't want the app to be entirely broken except for the part that says "ok". Updated should be a unix timestamp so we know if we're getting a stale response from any kind of cache.

Dependencies and resources are undefined for now, but should ultimately provide information about capacities of attached resources such as databases, and 3rd party dependencies like email services.

Here's an example that's running right now:
http://www.codeforamerica.org/.well-known/status

Description

There are three points where we upload images when creating lessons. Each of these needs to have its own rules around image sizes.

Files

bizfriendly/routes.py

Example

The images within the lesson need to fit in the popup window, so less than 340. In the service page, we upload both icons and larger media. Review the needs here.

Current code is below.

# Check image size
    img = Image.open("tmp/"+file.filename)
    # get the image's width and height in pixels
    width, height = img.size
    if width > 260:
        response = {}
        response["message"] = "Image too wide."
        return make_response(json.dumps(response), 401)

Description

During several of our live demos, when we created the Facebook page, the feedback would not show. My best guess is due to the sloppy refactor of the check_for_new function. It used to fire for 60 seconds before returning a timeout. An earlier bug, now resolved, caused errors yet we wouldn't get the notice for 60 seconds. As part of that fix, I reduced the timing down to 5 seconds. Unfortunately, due to the current way the function works, that results in a one in five chance the created page will not trigger the right feedback.

How to reproduce

Create hella Facebook pages. You'll notice that about one fifth of the time, the app won't catch it.

Files

howtocity/init.py > check_for_new()

Skills Needed

Python

Tips

• Refactor to get the count of facebook pages the user has once, at the beginning of the step, instead of every five seconds.

Description

Right now we are using the lesson.url field for the name of the service. We should add another field for the service and use the url field for its intended purpose.

Skills Needed

Flask, Python, Postgres, Alembic

Files

howtocity/init.py

Tips

• Change the Lesson class
• Use alembic to track the db changes.
• Update the local, staging, and production database.
• Update the frontend to use the new column name.

Even though the instructions won't work on mobile with our current tech, our main site should.

Our service doesn't work yet on mobile. We need to let people know that.

Description

Every so often the api takes a while to respond. Is this related to Heroku db going to sleep? Perhaps add another worker.

Skills

Heroku

Tips

• https://blog.heroku.com/archives/2013/6/20/app_sleeping_on_heroku

Ariel designed a nice UI for each step in a lesson. We need to write the correct javascript to make it real.

Description

Sometimes we receive an error when trying to record the completion of a lesson.

To replicate

1. Run through a lesson
2. On the final step, when you get to completion, open your javascript console.
3. You should see XMLHttpRequest cannot load https://howtocity.herokuapp.com/record_step. Origin http://bizfriend.ly is not allowed by Access-Control-Allow-Origin.

Files

bizfriendly/routes.py record_step()

Clues

It seems to work fine if you login to a lesson, then click on the last steps dot. It has something to do with clicking next to get to the final step.

Ariel created a new board and our app returned the wrong title. Check the new alphabetical code.

Description

When someone creates some new content, we should get an email notification. We need to quickly review the submission and publish it.

We currently submit drafts through the API, so we need to make another call to an endpoint that emails us.

Files

bizfriendly/routes.py, js/teach.js

• Add an additional endpoint that emails us new when new content is created
• Add a call to that endpoint on successful submissions on the frontend.

Description

When a request to our app generates an error on the server, such as not having an access token or whatever, the front end doesn't see this error. Instead it gets a a CORS error, which isn't correct or descriptive of the real problem.

Example

XMLHttpRequest cannot load http://howtocity.herokuapp.com/get_remembered_thing?access_token=null. Origin http://codeforamerica.github.io is not allowed by Access-Control-Allow-Origin.

How to duplicate

1. Go to a lesson http://codeforamerica.github.io/howtocity-web/instructions.html?2
2. Don't login, just skip a few steps ahead.
3. Open the console and wait a few seconds.

Files

howtocity/init.py

Skills Needed

Flask, Security, Testing

Tips

• We need to build in more descriptive error messages into our api endpoints.
• These errors shouldn't trigger bad CORS requests.
• Our tests should cover these errors.