Application suspended from GitHub #1147

Closed
zanedb opened this issue Oct 14, 2017 · 43 comments

@zanedb

zanedb commented Oct 14, 2017

I've been attempting to sign up recently (with GitHub), and always receive the following message: {"error":"Internal server error."}.

Digging into the URL makes the error pretty apparent:

https://api.bountysource.com/auth/github/callback?error=application_suspended&error_description=Your+application+has+been+suspended.+Please+contact+support%40github.com.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23application-suspended&state=eyJyZWRpcmVjdF91cmwiOiJodHRwczovL3NhbHQuYm91bnR5c291cmNlLmNvbS9zaWdudXAiLCJhY2Nlc3NfdG9rZW4iOm51bGwsImlwIjoiMjA5LjU4LjEzNy45NCJ9

Importantly, notice that error=application_suspended and error_description=Your+application+has+been+suspended.+Please+contact+support%40github.com.

The URL also links to this page (which is not helpful), but does suggest emailing support@github.com.
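
Added example, not part of the thread and not Bountysource's code: one way a callback endpoint can handle the provider's error response seen in the URL above rather than answering with a generic 500. The handler name, result type, status codes, messages and the sample URL (placeholder host and state) are assumptions.

```ruby
require "uri"

# Result of handling one OAuth callback request (hypothetical type).
CallbackResult = Struct.new(:status, :http_code, :message, :log_detail, keyword_init: true)

# Fixed user-facing text per error code. The provider's error_description is
# a query parameter anyone can set, so it is kept for logs, never echoed back.
ERROR_RESPONSES = {
  "application_suspended"   => [:provider_unavailable, 503,
                                "GitHub sign-in is currently unavailable. Use email and password instead."],
  "temporarily_unavailable" => [:provider_unavailable, 503, "GitHub sign-in is temporarily unavailable."],
  "access_denied"           => [:denied, 403, "Sign-in was cancelled."]
}.freeze
DEFAULT_ERROR = [:failed, 502, "Sign-in with GitHub failed."].freeze

# Constructed sample: the same error parameters as the URL in the issue, with
# a placeholder host and a placeholder state value.
SAMPLE_STATE = "constructed-state-7f3a"
SAMPLE_SUSPENDED_CALLBACK =
  "https://api.example.test/auth/github/callback" \
  "?error=application_suspended" \
  "&error_description=Your+application+has+been+suspended.+Please+contact+support%40github.com." \
  "&state=#{SAMPLE_STATE}"

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def handle_oauth_callback(callback_url, expected_state)
  params = URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h

  # The state check applies to error responses as well as successful ones.
  unless secure_equal?(params["state"], expected_state)
    return CallbackResult.new(status: :rejected, http_code: 400,
                              message: "Sign-in session did not match. Please start again.")
  end

  if (code = params["error"])
    status, http_code, message = ERROR_RESPONSES.fetch(code, DEFAULT_ERROR)
    # Strip non-printable characters and cap the length before logging.
    detail = params["error_description"].to_s.gsub(/[^[:print:]]/, "")[0, 200]
    return CallbackResult.new(status: status, http_code: http_code,
                              message: message, log_detail: detail)
  end

  if params["code"].to_s.empty?
    return CallbackResult.new(status: :rejected, http_code: 400,
                              message: "Missing authorization code.")
  end
  CallbackResult.new(status: :ok, http_code: 200, message: "Authorization code received.")
end

if __FILE__ == $PROGRAM_NAME
  result = handle_oauth_callback(SAMPLE_SUSPENDED_CALLBACK, SAMPLE_STATE)
  puts "#{result.http_code} #{result.status}: #{result.message}"
  puts "log: #{result.log_detail}"
end
```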

@BinaryFissionGames
Contributor

Yeah, I'd also like to add that I think #1145 is related to this / caused this error.

@Cervator

Hey all - yep there is an API issue, I can confirm we know about it and are trying to figure it out with GitHub.

@Cervator

Oh, I should mention a possible workaround in the meantime if you really want to log in: if you do a password reset you can log in with email+password instead of GitHub OAuth. You can later re-link with GitHub after the API issue is resolved.

Note that the "Forgot?" option only appears on https://www.bountysource.com/signin when you've entered an email, like so:

forgot

@sadko4u

sadko4u commented Oct 24, 2017

Facebook authentication not working.
GitHub authentication not working.
I've tried to use the email that I use with Facebook - it created a new account.
Is there any way to normally authenticate under proper account in your system?
I completely do not understand why I shall pay 10% fee on checkouts for service that works sometimes.

@Cervator

Hi @sadko4u

I haven't heard about issues with the Facebook auth before. That might be new if reproducible and worthy of a separate issue.

Does the workaround above with regular account simply using an email + password not work? Either via resetting password from a linked account or signing up for a plain old fashioned non-linked account.

@sadko4u

sadko4u commented Oct 24, 2017

I currently can not understand the behaviour of bountysource. At my home PC I'm still logged in. And in my account I see I've commented this post. When I wrote the previous comment, I was logged in with another account. Have you consolidated them?

@sadko4u

sadko4u commented Oct 24, 2017

FYI, I wrote the previous comment from another PC at my work.

@Cervator

@sadko4u Unsure what you mean there - your comments are on GitHub, not Bountysource, so your account setup on Bountysource shouldn't matter at all.

You can't post comments to a GitHub issue via Bountysource - although you can of course easily find links to go here to do so.

Apologies in advance if I'm missing something :-)

@RicoSuter

GitHub login not working correctly for me too, can't sign up

@sadko4u

sadko4u commented Oct 24, 2017

Does the workaround above with regular account simply using an email + password not work? Either via resetting password from a linked account or signing up for a plain old fashioned non-linked account.

I didn't register with email on Bountysource. I've registered with a Facebook account and then linked a GitHub account. Then Facebook login became broken: Facebook doesn't accept your API's SSL certificate. Thanks to the linked GitHub account I could log in. Now GitHub is broken, too. So I tried:

  • a Facebook email to login - it created a new account.
  • a GitHub email to login (which is my official email) - it created a new account.
    I can not login with my account I'm logged in on my home PC.

@sadko4u

sadko4u commented Oct 24, 2017

What I actually see in my right account, is:
bountysource-fuckup

@Cervator

Oooh interesting. The SSL cert was updated not that long ago. Maybe that broke something FB related. Thanks for that :-)

Try the approach in the screenie I posted above - go to the sign-in page, enter the email associated with the account you're trying to gain access to, and the little "Forgot" link should show up.

Whether you initially signed up via GitHub, FB, or anything else that method should let you reset back to an email/password combo. If you're not sure which account to keep and/or if you'd like to delete any extras you can email a request (with any involved email addresses) to support@bountysource.com

On the screenie - interesting. Probably from the same GitHub account being linked to two different Bountysource accounts. I can see 3 accounts for you in the system and we should be able to straighten that out - but it might be easier via a support request or if you could join #bountysource on Freenode IRC and private message me there? Happy to keep going here as well just don't want to be posting your email addresses all over the place.

@sadko4u

sadko4u commented Oct 24, 2017

@Cervator
I've sent e-mail to support@bountysource.com with title 'Github issue: Application suspended from GitHub #1147' and description of my problem. Please check.

@zanedb
Author

zanedb commented Oct 24, 2017 via email

@wezm

wezm commented Oct 24, 2017

BountySource folks this has been broken for weeks. Is there anything we can do to help? Do you need a general call put out for help from GitHub? Seems like a very long time for a core part of the app to be broken and it's preventing me posting new bounties and releasing old ones.

@Cervator

It absolutely does suck and we could use help, but this specific issue is waiting on a response from @wkonkel right now. In the meantime I would love a hand or two in the support mines :-)

We've had a few volunteers try to stand up a local Bountysource instance to help with code, reviewing PRs, improve the setup docs, and so on. It would be hugely helpful to have more people go through that process.

I joined up to make the support queue less of a headache for @rappo and more reviewers would help make code easier to finish and merge. Anything that helps spread around the workload :-)

@bobc

bobc commented Nov 1, 2017

Is BountySource basically dead now?

I don't know if there are technical reasons or something else, but I am not getting any confidence in BountySource. I was hoping to recommend BountySource to other users, but I can't possibly do that unless issues are resolved in a timely fashion.

@RicoSuter

It seems that they don't care if an integral part of the system is broken... Are there any alternative services like BountySource?

@Cervator

Cervator commented Nov 1, 2017

Not quite dead or anything, there's plenty of bounty volume still flowing as the GitHub integration link isn't vital nor the only platform - but it does really suck, yes.

As a fairly new volunteer I can help with and address some issues, but this one is out of my reach. Need the main two guys and they're still caught up in their day jobs.

@bobc

bobc commented Nov 1, 2017

Not vital for you perhaps, but it was the only reason I signed up. Perhaps there is some other issue, but the bounty I raised on a github project doesn't appear in github - for me that is a stopper.

However, you reveal something I wasn't aware of. I assumed running BountySource was someone's day job, not a side project or run by volunteers. I am sure you realise that giving money to a largely unknown organization raises massive trust issues, and I am not getting a positive feeling.

Anyway, there are enough red flags flying for me to recommend to others that they should avoid BountySource.

@Cervator

Cervator commented Nov 1, 2017

@bobc It actually was somebody's day job - emphasis on "was" however :-)

It began as a startup with full funding and so on, but the fees didn't generate enough revenue to keep the staff going full time. So it went volunteer instead, but as has become apparent it is hard to run on pure volunteer time. A few months ago another round of outreach was done to try landing some more volunteers which is when I joined in. I hope we can get more volunteers yet and stabilize as a solid open source option.

As for notability you can look to the past of the project for that, there is an assortment of publicity from back when the project was running full throttle, including some pretty nice numbers with IBM and others. These days it is more quiet but still the same project with years of history and trust.

Again though - yes, the current situation sucks, and I had the same concerns myself as a Bountysource user a year or two ago about sinking in more bounty money on my other projects. Especially when there were dry periods for support (main thing I add right now - still catching up). But I liked the software, having compared it to a few other options, and eventually decided to try to help make it better myself instead of leaving. That's a personal choice and I support anybody's decision to stay or go.

I do really hope more will go for both staying as well as stepping it up a notch by helping volunteer so we can improve all the things and put issues like this one in the past :-)

@RicoSuter

RicoSuter commented Nov 1, 2017

I think that we in the software industry need to find a way to do sustainable open source - and I hoped BountySource would be the platform where we can fund open source... But until now, I couldn't test it because of this problem...

@Cervator thanks for helping this project - I hope it gets fixed soon and doesn't go down...

@ThomasWaldmann

ThomasWaldmann commented Nov 3, 2017

https://www.bountysource.com/issues/50311363-application-suspended-from-github

^ bounty for solving github login issue (only meant as a start, more backers welcome!).

sponsored by https://www.borgbackup.org/. :-)

@PlasmaPower

@ThomasWaldmann I think only BountySource can fix the issue by contacting GitHub support. There's also probably an underlying issue that caused the application to be suspended (maybe someone stole the client secret, someone's abusing the BountySource API to spam GitHub, or BountySource's rate code limiting is broken), but until we get word from GitHub support we can only speculate about that.

Also, IIRC, no one besides BountySource members have touched the backend in years (probably since last I checked it's on a super old Ruby version).

@jcrben

jcrben commented Nov 19, 2017

Went to go add money to the bounty but I couldn't login as I use Github OAuth 😢

Even if it's limited to BountySource members, maybe it'll incentivize them...

@bergwerf

bergwerf commented Nov 19, 2017 via email

@zanedb
Author

zanedb commented Nov 20, 2017

I certainly agree with @bergwerf. Even with a $25 bounty attached, nothing is happening. Bountysource seems like it could be really successful, but the fact that this simple issue has still not been solved is quite an indication of its current state. I doubt that @rappo or @wkonkel have even contacted GitHub support. If not, does anyone know any GitHub employees that could help? Possibly by @-ing them?

Bountysource in general needs quite a few updates (a newer design, updated Rails version as @PlasmaPower mentioned, etc.) and sadly I cannot provide them and neither can the devs, apparently.

@Cervator

There has been some contact and I've been pushing for more, but I can't personally fix this :-(

What I can do is aim to publish a feature request I think would help resolve this (if worked, of course), and offer some more information about exactly what's going on. I really would like to get an update from @rappo or @wkonkel first but if not maybe it'll help us move forward.

@MojoJojo

@Cervator Okay, I think I can help... what's going on? Should I shoot an email to GitHub? Busy setting up source on my machine, but if you have an idea of what's wrong, I'm all ears...

@zanedb
Author

zanedb commented Nov 21, 2017

I think an official project lead such as @rappo or @wkonkel (I keep @-ing hoping they'll respond) would have to email GitHub, @MojoJojo. However, this project does greatly need help, so if you could submit some PRs adding features, improving the design, etc. that would be welcomed. Also, you could create a PR with a temporary message on the sign-in page about the issue with GitHub, just to let users know we're aware. Really, any contributions are appreciated, especially if you can get in contact with either of the two main devs.

@Cervator

Yep we still need one of those two. I can in theory merge PRs but I can't deploy anything.

@MojoJojo setting up to run from source on its own is hugely helpful. https://github.com/bountysource/core/wiki/How-to-Contribute is more up to date than the README but still is missing a thing or two so if you spot anything while following it please make updates, tweak the readme, contribute handy new utility setup scripts, a seed DB, etc. The easier we can make it to code the better :-)

@wkonkel
Contributor

wkonkel commented Nov 21, 2017

Hi All,

Sorry for not responding sooner. GitHub asked us to remove user content by a deadline, but we failed to act and they suspended our app. Here is their note:

On July 27, we reached out to Bountysource in response to a complaint we received from a user. During our investigation and discussions with members of your team, we found that your organization does not have a mechanism for responding to removal requests from users, which is required by our Terms of Service. Specifically, Bountysource does not "respond promptly to complaints, removal requests, and 'do not contact' requests from GitHub or GitHub Users." Over two months later, you have not made any changes to your platform in response to our requests.

Therefore, we have suspended your application until you create a process for actively responding to all personal information removal requests, including those related to projects and issues. In order for us to remove the suspension, we would ask to see two things:

  1. Confirmation from you that you have a process in place for responding to takedown requests about all areas of your website.

  2. Inclusion of a public notice to your users stating how to request the removal of information. That notice can be included in your documentation or other legal notices.

Once you have that process and public notice in place, we'll be happy to review your site and consider lifting the suspension.

If somebody submits a PR that addresses this feedback, I’ll code review and merge.

@zanedb
Author

zanedb commented Nov 21, 2017

@MojoJojo if you're familiar with Rails, now is the perfect time for a PR ;)

I don't have enough (any) experience to help unfortunately. Also, thank you so much for the info @wkonkel. Very helpful!

@Cervator

Alright, glad to have the word out officially then, thanks @wkonkel :-)

With that out of the way I have some extra details and suggestions we might be able to turn into a solution.

Background info

For a bit more background info: the original user request IIRC was resolved by simply deleting the user's Bountysource account (that was a while ago though, I could be wrong). But that wasn't before said user had contacted GitHub, which then led to the realization that there isn't an easy way to do content removal in general (a requirement of the GitHub API terms). That was all after a rather lengthy back and forth with too much time in between replies due to the recent availability issues, trying to sort out exactly what the issue is and what would resolve it.

Specifically, and with a more recent and relevant example, if a user disagrees with having their comments listed on a Bountysource issue page there isn't an easy way for us to remove that, since the issue pages really just mirror GitHub and add some Bountysource stuff on top, like when a bounty amount was added, etc.

In the newer example a user had replied to a GitHub issue update notification via email - which inserted the user's email signature on the GitHub issue comment. Which then synchronized to the Bountysource issue page. Now said user had personal data on an issue on the Bountysource side. I asked said user if they could just please edit their comment on GitHub to remove that data and that part was fine (although I'm not sure that synchronized since now we can't talk to GitHub)

However, there was also a quirk with the user's profile image - which on the Bountysource side somehow differed from the GitHub side (some Gravatar setup or something?). So now on the Bountysource side there was a photo of the user while GitHub just had a more generic icon.

In short, Bountysource needs functionality to blank out user data either selectively or entirely across the whole site, so we can respond to fair requests where a user for some reason doesn't want to see their comments or other data on Bountysource, as that can happen simply by responding to somebody else's issue on GitHub. Deleting a user's Bountysource-side account has been an option for ages and has usually worked, but there are certainly legitimate cases where more is needed.

Resolution needs

So the feature request we need to complete to be able to resolve this needs to add an option in the admin system for a given off-site user (may also be a Bountysource user, but essentially a commenter) to:

  • Username that shows up on the comment - replace with something like "[Removed on user request]"
  • Profile image that shows up - replace with a generic icon of some sort that clearly indicates a non-user / redacted something
  • Each comment body - replace again with something like "[Removed on user request]"

That needs to be able to survive a regeneration of the whole issue page on the Bountysource side of things, so we need a list of affected usernames in the DB that has to be checked when an issue page is generated/updated.

Difficulty: since Bountysource is compatible with a series of issue trackers, not just GitHub, commenter names may not be unique? So how could we uniquely redact just one off-site user without accidentally hitting an unrelated one? Maybe this system should be unique to GitHub-based issues, at least until we have requests for other systems (limited availability of effort and everything)

If we start with it being unique to just GitHub users we can probably use some unique token per user that comes out of the GitHub API request, and when found that comment will be blanked out. And only have it run for a page mirroring a GitHub issue.

Issues and their main description (posted by a user) are treated separately than subsequent comments by the GitHub API so there might have to be two separate steps - whether an initial issue and its description is posted by an affected user and whether subsequent comments are posted by an affected user. I'm not sure if an issue posted by an affected user should be entirely blocked from generating on Bountysource.

At first I thought it may make sense to have a variant of the "Delete" button on the admin page for a user on Bountysource that instead redacts their stuff. But I'm not sure that would necessarily affect all the right bits, nor is it a guarantee that a user would have a Bountysource account before requesting a removal of content.

Hopefully this helps explain things a bit further while providing some guidance on what is needed to move forward. I'm sorry it has been such a painful process getting this far :-)

@MojoJojo

@zanedb @Cervator @wkonkel Thanks! That helps a lot. I spent some time today setting up everything locally and got the images to build. There were a few things that I had to change to get everything to build work - will submit a PR shortly.

As for the GitHub issue, I am unfortunately not a great Ruby/Rails developer (have Angular experience though) but willing to give it a shot. Just busy playing around and familiarizing myself with bounty source code at the moment and will provide feedback shortly.

Thank you once again for the feedback and ideas!

@BinaryFissionGames
Contributor

@MojoJojo About the setup, did you have to do something similar to PR #1135? Just a heads up that some changes are already in that PR.

Look forward to seeing you getting some stuff done, hit up IRC if you need any help. You can also PM Cervator and/or Rappo on IRC with your email to get into the Slack channel, if you prefer that.

@syncissues

Would it be easier to just replace the username with a unique ID (essentially just renaming the user, blocking logins and removing all meta-data) to make them unidentifiable? Something like "removed123456". That would possibly not require any significant DB changes and very little code.

@Cervator

@syncissues certainly something to keep in mind :-) Not for logins though. We could get a request from a GitHub user who doesn't have a Bountysource account at all. I'm not familiar how individual comments are stored or processed. For all I know we don't even do that - Bountysource might just generate a page then store the whole thing as text, with no specific granularity identifying individual comments. So it could just mean tweaking the logic that generates that to skip any pieces related to a given GitHub user.

@syncissues

As I understand it we are able to extract the unique user ID of the Github user through the Git-API.

https://api.github.com/users/syncissues

As you can see my ID is 33897775.

Git definitely stamps each comment with my ID, which we could use to single out any individual comment made by a specific user.

https://developer.github.com/v3/issues/comments/

So, we should extract the user ID from Git and remove all comments for that User ID upon deletion of the account (and label them as you suggested, @Cervator ).
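
Added example, not part of the thread and not the change Bountysource later deployed: a sketch of the redaction step discussed in the "Resolution needs" comment and in the comment above, applied when an issue page is rendered so that it survives a re-sync and is keyed on the numeric GitHub user ID rather than the login. The function names, the avatar path and the sample data are assumptions; keeping the issue title while redacting its body and author is also an assumption, since the thread leaves that open.

```ruby
require "json"
require "set"

REDACTED_TEXT   = "[Removed on user request]"   # wording suggested in the thread
REDACTED_AVATAR = "/images/redacted-user.png"   # hypothetical generic icon path

# Constructed sample shaped like GitHub REST API issue and comment objects
# (user.id, user.login, user.avatar_url, body). IDs and names are made up.
SAMPLE_ISSUE = JSON.parse(<<~'JSON')
  {"title": "Crash on start", "body": "Steps to reproduce: launch the app.",
   "user": {"id": 1001, "login": "alice", "avatar_url": "https://avatars.example.test/u/1001"}}
JSON

SAMPLE_COMMENTS = JSON.parse(<<~'JSON')
  [{"id": 1, "body": "Same here. -- Bob, bob@example.test",
    "user": {"id": 1002, "login": "bob", "avatar_url": "https://avatars.example.test/u/1002"}},
   {"id": 2, "body": "Fixed in the next release.",
    "user": {"id": 1001, "login": "alice", "avatar_url": "https://avatars.example.test/u/1001"}}]
JSON

# Returns a copy of an issue or comment with the author's name, avatar and
# text blanked when the author's numeric ID is on the redaction list.
# The user ID itself is dropped from the output so the record cannot be
# mapped back to the account.
def redact_record(record, redacted_ids)
  author = record["user"] || {}
  return record unless redacted_ids.include?(author["id"])

  record.merge(
    "body" => REDACTED_TEXT,
    "user" => { "login" => REDACTED_TEXT, "avatar_url" => REDACTED_AVATAR }
  )
end

# Issues and comments arrive as separate API objects, so both go through the
# same filter every time the page is generated or refreshed.
def render_issue_page(issue, comments, redacted_user_ids)
  ids = Set.new(redacted_user_ids)
  {
    "issue"    => redact_record(issue, ids),
    "comments" => comments.map { |comment| redact_record(comment, ids) }
  }
end

if __FILE__ == $PROGRAM_NAME
  # 1002 stands in for a row in a redaction table (constructed value).
  puts JSON.pretty_generate(render_issue_page(SAMPLE_ISSUE, SAMPLE_COMMENTS, [1002]))
end
```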

@rappo

rappo commented Nov 29, 2017

Update on this issue:

Yesterday @wkonkel committed code which I believe satisfies GitHub's requirements. We've tested and deployed the changes to production. GitHub was notified and we're awaiting their response.

Hang tight and thanks for your patience :)

@rappo

rappo commented Nov 29, 2017

From GitHub support:

Hi David,
Thanks very much for making those changes. We've reactivated your application. If we receive any further complaints, we'll investigate on a case-by-case basis and may follow up with you. Please let us know if you have any questions.
All best,

I've tested login and it's working. Going to close this and #1145. If anyone finds any issues, please open a new ticket.

@rappo rappo closed this as completed Nov 29, 2017
@ThomasWaldmann

Tested login using github, works for me.

Thanks to @wkonkel (and whoever else worked on fixing this)! Please claim the bounty:

https://www.bountysource.com/issues/50311363-application-suspended-from-github

@zanedb
Author

zanedb commented Dec 1, 2017

Well, I've finally been able to sign up to Bountysource as I first attempted to 47 days ago.

Thank you to @rappo, @wkonkel, @Cervator, as well as others who commented here for the resolution of this issue.
