Expose login url building to amp access service #9300
Conversation
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
|
CLAs look good, thanks! |
|
Pushed again with a different email in the commit to be recognized by the CLA bot. |
| return this.timer_.timeoutPromise( | ||
| AUTHORIZATION_TIMEOUT, | ||
| this.xhr_.fetchJson(url, { | ||
| credentials: 'include', | ||
| requireAmpResponseSourceOrigin: true, |
There was a problem hiding this comment.
Are you sure we need to remove it? Usually this is a somewhat important piece of data, e.g. when more than one origin is supported by the same authorization services.
There was a problem hiding this comment.
Oh, I only removed this because AMP gives me a deprecation warning:
I looked for info on this ampCors property but couldn't find anything. So then I looked for a similar similar call on amp-access and just followed the same pattern so I just assumed this was the default now.
There was a problem hiding this comment.
Got it. DIdn't know it was deprecated, but makes sense.
|
@dvoytenko I was looking into this again and I thought I'd ask about this comment, in the Would the code changes I made here be a problem for this? As in, if we don't expose a Part of the reason why I came across this again is because I was looking into a way of not having |
|
So I think I've found a way to prevent that additional |
|
I fixed the tests locally but I don't entirely understand the reason why they are failing in CI. I didn't make any config related changes (which is what the error message is about). |
|
You'll need to rebase off of latest master to fix Travis. |
| * @return {!Promise} | ||
| */ | ||
| loginWithUrl(url, eventLabel = '') { | ||
| return this.login_(url, eventLabel); | ||
| loginWithUrl(url, eventLabel = '', noReturnUrl) { |
There was a problem hiding this comment.
You can't have non-default params after default. You have to move it up. Could you, though, explain why don't you need return URL?
There was a problem hiding this comment.
Sure! So going back a bit to the details of how our backend service works:
- we first send a request to our authorization endpoint with the
CANONICAL_URLandREADER_ID(and now,RETURN_URLtoo) - our authorization endpoint returns the "login urls" which in our case are essentially our purchase URLs for the different options (single article, time passes, subscriptions, etc). Here's an example of one from our development environment:
https://web.dev.laterpaytest.net/dialog/add?
use_dialog_api=False&
title=Lorem+Ipsum&
cp=laterpay&
pricing=EUR145&
url=http%3A%2F%2Flocalhost%3A8081%2Fexamples%2Farticle-access-laterpay.html&
ts=1495534548&
return_url=http%3A%2F%2Flocalhost%3A8081%2Fextensions%2Famp-access%2F0.1%2Famp-login-done.html%3Furl%3Dhttp%3A%2F%2Flocalhost%3A8081%2Fexamples%2Farticle-access-laterpay.amp.html%23success%3Dtrue&
article_id=premiumcontent%3A9aa68278-173a-48ec-be04-6b135654bfa9&
muid=amp-Irryr4n4MTYt8tgAClLDre8_g_LzB5_7nTx9Q8sWUPSeuoAb-rJ6UkMfuk_I6kI0&
hmac=5243e6e9f6bec6b08151c7d3efe37f7844159e2d840e4b435b2281b6
- Those urls already have the return URL baked in. That's why we need to send it on our initial authorization request.
- Because those urls are signed, if anything is changed in them, they won't be recognized as a valid URL by our payment dialog system
This is why we need to make sure that additional stuff isn't being added to the URL after we get it back from the authorization endpoint.
Does that make sense?
Also this was my suggestion of how to handle this particular issue but we're definitely open to suggestions of a better way of handling this problem (I'll be honest, I don't particularly like the way I found of handling this but it was the best I found without having to duplicate too much of the existing code on our component).
There was a problem hiding this comment.
I see. Here's how this now works. Let's see if it's possible at all to reconcile.
- We try to open login dialog ourselves as a popup. Return URL points to the "login-done" page that messages back to the parent page to refresh.
- (1) is an ideal scenario, but, in many cases, that doesn't work - the browser cannot or would not open a popup. E.g. a WebView or CCT. Instead, the browser would simply top-navigate to the login dialog. In this case, our "login-done" page further redirects back to the original page.
- We allow a parent web or native app to assist to show the login dialog. This is somewhat common for a webview. What happens in this case, we message back to the parent app with
loginUrl?return=RETURN_URL. The parent app substitutesRETURN_URLto whatever it can work with. It'd often be something likemy-native-app-protocol:some-return-code. Then everything works as before and the native app then messages back success/error code to the AMP runtime.
All three cases are completely equivalent from the point of view of the login dialog. But obviously, given the "signing" needs on your side that's not the case.
I see two ways forward:
a. You could whitelist ?return=RETURN_URL query parameter to be excluded from signing. E.g. we could always force it at the end of the URL and you'd chop it off before verifying signature. That would, of course, work if you don't see any security issue with the return redirect, which in turn would normally depend on what you pass back. But if you only pass back #success or such - probably not a security problem?
b. So far, I believe 1-2-3 above are simply variations on trying to do best effort to show login dialog better. We could force the login for you into options 1 or 2. But I need to check this. This might have been added for cases where launching login dialog via parent app was required for some purpose, other than just "enhancement".
What do you think about the option (a)?
trodrigues
force-pushed
the
master
branch
6 times, most recently
from
0882e96
to
f6dbc5d
Compare
|
Ok, so after the discussion we had on the other comments (which I now can't really find probably because I force pushed the branch over those changes), we managed to get our purchase dialog urls to ignore that extra I've cleaned up the tests and type hints on the first commit and made a couple of other fixes. Once this is merged I have another PR with a few other smaller unrelated fixes for the component, and once our backend fixes are all in production and we've made a proper test, if there's no objection I'll make a PR to remove the experimental flag. |
| * @return {!Promise<string>} | ||
| */ | ||
| export function getLoginUrl(ampdoc, urlOrPromise) { | ||
| const viewer = viewerForDoc(ampdoc); |
There was a problem hiding this comment.
Could you please create an internal function and use it both here and in openLoginDialog. It'd look something like this:
/**
* @param ...
* @return {!WebLoginDialog|!ViewerLoginDialog}
*/
function createLoginDialog(ampdoc, urlOrPromise) {
const viewer = viewerForDoc(ampdoc);
const overrideDialog = parseInt(viewer.getParam('dialog'), 10);
if (overrideDialog) {
return new ViewerLoginDialog(viewer, urlOrPromise);
}
return new WebLoginDialog(ampdoc.win, viewer, urlOrPromise);
}
export function openLoginDialog(ampdoc, urlOrPromise) {
return createLoginDialog(ampdoc, urlOrPromise).open();
}
export function getLoginUrl(ampdoc, urlOrPromise) {
return createLoginDialog(ampdoc, urlOrPromise).getLoginUrl();
}
|
@dvoytenko made the requested fix. Also created a separate PR with some other smaller fixes I had worked on in the meanwhile: #9633 |
* Bidtellect amp implementation… (ampproject#9518) * Bidtellect amp implementation… * removing renderStartImplemented… * spaces? * adding example * Fix test-amp-ad-network-doubleclick-impl (ampproject#9645) * Optimizations to speed up Travis PR builds (ampproject#9626) Travis builds have become slow during busy periods of the day due to various reasons. This PR does the following: Reorganizes build tasks across fewer build shards Reduces the number of VMs used by PR and master builds to 2 No longer does a full gulp dist for unit tests (Possible to do after ampproject#9404) Reduces the total CPU time used for PR builds to < 20 mins Fixes ampproject#9500 Fixes ampproject#9387 * Animations: full on-action API (ampproject#9641) * Animations: full on-action API * review fixes * Fix Validator tests on Travis, which now uses Node v4 (ampproject#9654) * Amp-imgur : Implement imgur embed (ampproject#9405) (ampproject#9434) * Amp-imgur : Implement imgur embed (ampproject#9405) * amp-imgur test code modified * amp-imgur validation code changed * fix amp-imgur lint check * Remove unused Layour variables * Test code modified * Ingegration amp-imgur extension * [amp-imgur] add resize logic * Remove 3p iframes and add resize message listener * Fix some code with reviews * change some syntax * change validation rules * add find event source * [amp-imgur] remove unnecessary code and add object check * remove spec_name from validation code * Remove unnecessary code and add owners file * Change required tag name to in validation file * data-imgurid -> data-imgur-id * Add whitelist for amp-imgur * remove unused AmpImgur import in test file * remove unused preconnect callback * Update amp-cors-requests.md (ampproject#9636) Added updates and corrections per Dima's feedback. * Expose login url building to amp access service (ampproject#9300) * Animations: support style keyframes (ampproject#9647) * Animations: support style keyframes * docs * review fixes * lints * Animations: subtargets format (ampproject#9655) * Animations: subtargets format * fix docs * Fix extern for integration test (ampproject#9657) * Remove whitelisted link for PR 9434 (ampproject#9656) * Add callouts for CORS + cleanup (ampproject#9591) * Add callouts for CORS + cleanup * Update amp-access.md * Doubleclick Fast Fetch: Send default safeframe version on ad request (ampproject#9613) * Send default safeframe version on ad request * fix test failure * amp-ima-video: Fixes some undefined variables in compiled extension (ampproject#9617) * Add experimental input-debounced to the actions and event doc (ampproject#9650) * Copy and rename compiled script directly for deprecated version (ampproject#9587) * Remove A4A Dependency on ads/_config.js (ampproject#9462) * Added doubleclick specific config * Modified other networks * Update MockA4AImpl * Remove unneeded config lines * Add cid, remove renderStartImplemented * Fix lint complaint * Changed from mandatory config to overrrideable method * Addressed feedback, modified getAdCid * Addressed additional feedback * Responded to feedback * Removed unnneeded guard against null value * Changed signature of function * Fixed lint issues * addressed comments * Addressed comments, fixed broken test * Change signature / update tests * Fix wrong contents and white spaces in amp-imgur.md (ampproject#9658) * Performance: separate ini-load from first visible ini-load (ampproject#9665) * amp-bind: Fix more integration tests (ampproject#9598) * more bind test fixes * include object.assign polyfill * move polyfills to separate file * replace use of map() from bind-validator with ownProperty() * fix types and test * Stop using IOS elastic scroll when slidescroll takes over animation (Only for the NON SNAP-POINTS flow) (ampproject#9668) * removing overflow touch on no-scroll for ios * Stop using IOS elastic scroll when slidescroll takes over animation (Only for the NON SNAP-POINTS flow) * make sure css is compiled before entry points (ampproject#9643) * update npm package version (ampproject#9671) * A4A: expose visibilityCsi (ampproject#9667) * A4A: expose visibilityCsi * tests * amp-bind: Fix embedding in FIF (ampproject#9541) * move element service changes from ampproject#9447 * store element service ids in extension struct * add unit test, fix other tests * Fix null value binding (ampproject#9674) * Add amp-form's submit action to the docs (ampproject#9675) * Write cookie for ad-cid. (ampproject#9594) * Write cookie for ad-cid. * fix tests * amp-access-laterpay fixes (ampproject#9633) * Add support for LaterPay subscriptions * Fix canonical link on laterpay example * Tweak default styling * Add an example locale message for the header * Fix indentation of JsDoc (ampproject#9677) It should be indented at the same level as the method it's documenting. * Add example to amp iframe docs (ampproject#9660) * Change image to static link hosted on ampproject.org * Update amp-iframe doc w example + gen cleanup * Adds SFG experiment branches to doubleclick-a4a-config.js. (ampproject#9662) * Added experiment branches corresponding to exp=a4a:(5|6). * Removed test file. * Removed changes to yarn.lock + minor fixes. * Fixed adsense-a4a-config.js. * Fixed return statement. * Removed reference to style tag for opacity (ampproject#9634) As style tag for `opacity` was replaced with `amp-boilerplate (back in this [commit](ampproject@0a056ca), updated the text to reflect those changes. * De-flake amp-bind integration tests (ampproject#9683) * split bind fixtures into one file per extension * fix width/height binding bug, avoid race condition w/ dynamic containers * actually, just skip the tests affected by race condition for now * Remove timer calls to prevent future flakiness (ampproject#9478) * Remove timer calls to prevent future flakiness * Revert the line order change * Poll instead of using stub callback constructor * Add jsdoc and rename variables * amp-animation: polyfill partial keyframes from CSS (ampproject#9689) * Animations: whitelist offset distance and regroup condition types (ampproject#9688) * Use Docker containers in Travis (ampproject#9666) * clean up web-worker experiment (ampproject#9706) * Load examiner.js when #development=2 (ampproject#9680) * Load examiner.js when #development=1 * address comments * Use development=2 * Fix presubmit * Implementation of amp-ad-exit (ampproject#9390) * Implementation of the amp-ad-exit component for managing ad navigation (ampproject#8515). Changes from the I2I: - Only RANDOM, CLICK_X, and CLICK_Y variables can be used, alongside custom vars. - It doesn't work well with <a> tags - the tap action doesn't trigger on middle clicks. Recommendation is to use other elements. - ClickLocationFilter for border click protection is not yet implemented. It will be added in a future change. The component does some lightweight validation of the JSON config when it's built. This may be overkill. Tested: gulp test --files 'extensions/amp-ad-exit/0.1/test/*' gulp check-types * Update JSDoc for some functions. Fix lint issue (ignore unused parameters in an interface method). * sinon.spy -> sandbox.spy * Add amp-ad-exit to the list of allowed extensions in A4A pages and fix validation rules. Address PR: add experiment flag; use camelCase for config properties address some comments Instantiate a new Filter for each spec. * Instantiate a new Filter for each spec. * remove duplicate doctype tag in example * Make ActionEventDef public for type annotations. * Add filter factory. * fix event var * update type annotation for Filter.filter * address PR comments * Move filter config validation to the ctor. Remove Filter.buildCallback(). * camelCase in documentation examples * Introducing "it.yield", a convenient way to test promise code (ampproject#9601) * Introduce yield. * Address comments. * fix done state error handling * Document amp-access as a special target (ampproject#9568) `amp-access` is a special target that's not mentioned in this document. It's special because you can't give an arbitrary ID to it, i.e., you can't just change the id of the `amp-access` script tag to `amp-access2` and expect `on="tap:amp-access2.login"` to work. Given that the "actions" for `amp-access` is a bit dynamic depending on the structure of the `amp-access` JSON, instead of listing out the actions in a tabular form, a reference to the `amp-access` documentation is added. * Run presubmit tests soon after building (ampproject#9716) * Revert "Use Docker containers in Travis (ampproject#9666)" (ampproject#9717) This reverts commit 98ecb9b. It turns out that while using Docker containers instead of VMs on Travis reduces VM startup time, it has significantly increased build and test time, increasing the overall PR check round trip from < 20 mins to > 30 mins. Compare https://travis-ci.org/ampproject/amphtml/jobs/238464404 (Docker) against https://travis-ci.org/ampproject/amphtml/jobs/238462066 (VM). Fixes ampproject#9651 * Validator Rollup (ampproject#9719) * Add validator tests for amp-imgur. * Disallow amp-embed as child of amp-app-banner. * Minor cleanup, Make sure our set numbers are consistent in javascript. * amp-state: Allow both `src` and script child (ampproject#9721) * adapt code from ampproject#8897 * also_requires_attr should be in trigger * Remove experiment for input-debounced. Update docs. (ampproject#9724) * Validator Rollup (ampproject#9727) * Minor cleanup of amp-ad-exit * Disallow amp-ad/amp-embed as children of amp ad containers when data-multi-size is present. * Revision bump * Enabling dynamic queryparam addition to anchour links (ampproject#9684) * Enabling queryparam addition to anchour links * Code review changes * Additional cache urls (ampproject#9733) * Significantly speed up gulp build --css-only (ampproject#9726) Prior to this PR, gulp build --css-only would take ~ 1 minute to run, and end up building a bunch of js files in addition to compiling css. After this PR, gulp build --css-only takes ~ 0.5 seconds to run (a 100x speed up), and the only output files in build/ after running it are .css, and .css.js files. Resulting speeds on my workstation: gulp build --css-only: ~500ms gulp build: ~1m 45s gulp dist --fortesting: ~3m 30s Fixes ampproject#9640 * add amp-analytics Facebook Pixel support (ampproject#9449) * add amp-analytics Facebook Pixel support * add amp-analytics Facebook Pixel support * fix test on extensions/amp-analytics/0.1/test/vendor-requests.json * add Facebook Pixel standard events https://developers.facebook.com/docs/ads-for-websites/pixel-events/v2.9#events * Update vendors.js fix conflicts * Update vendors.js fix conflicts * Update vendor-requests.json fix conflicts * Update vendor-requests.json fix conflicts * Update vendor-requests.json * Update analytics.amp.html * Update analytics-vendors.amp.html * Update vendors.js * Update analytics-vendors.amp.html * fix lint error * update * facebook pixel * Update vendor-requests.json * Update analytics.amp.html * fix lint error * fix lint error * fix alphabetical order * Update yarn.lock * AMP-ad supports Seznam Imedia ad network (ampproject#8893) * AMP-ad supports Seznam Imedia ad network * Fixed requested changes * Fixed requested changes * Render API implemented * Improved placing ads * Fixed requested changes * Render API fixed context * Renamed IM.cz to Imedia * Described JSON parameters
@dvoytenko this is the PR I mentioned in the email I sent you recently.
This is also mostly an experiment for now just to check if this is an approach we could take. I'll fix docs/tests later on.
The reasoning for this is the following: our "login urls" are retrieved from our authorization endpoint response.
All the information necessary for those login urls (including the return url) is baked into them by our internal service (I believe I had explained how we build those urls when we built the initial implementation of amp-access-laterpay and it's very likely you don't remember, so I can provide a better explanation of this if you'd like).
For that reason, we need to send the
RETURN_URLat the time of contacting the authorization endpoint.The code changes in this PR are able to achieve that.
Do you think this is an acceptable approach? Do you see any reason as to why we shouldn't do this and take a different approach?