feat(auth): Implement Passwordless Authentication #9660

Closed
wants to merge 21 commits into from

raisedadead
Member

@raisedadead raisedadead commented Jul 10, 2016

Feature Checklist:

  • Create API for creating/saving a temporary token
  • Add email template and sending logic
  • Add validations and timeouts
  • Update the sign in view
  • Prevent users without verified email from login
  • Create API for creating/saving an access token Using loopbacks defaults
  • Add routes for requesting access token
  • Invalidate used/expired tokens
  • Remove password reset logic
  • Handle all errors gracefully
  • Remove all passwords from database (DevOps: Remove all passwords from database #14559 issue created for DevOps)
  • Add debounce/disable to magic link button
  • Add some loading indicator to magic link button ajax request
  • (berks): Investigate memory consumption issue

Closes #8165
Closes #9027
Closes #15254

@raisedadead raisedadead added the status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. label Jul 10, 2016
@raisedadead raisedadead self-assigned this Jul 10, 2016
@raisedadead raisedadead added status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. and removed status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. labels Jul 10, 2016
@ghost ghost assigned BerkeleyTrue and ghost Jul 10, 2016
@ghost ghost removed their assignment Jul 31, 2016
@QuincyLarson
Contributor

@atjonathan @raisedadead @BerkeleyTrue I have created a new issue related to this here: #10407

@BerkeleyTrue
Contributor

@raisedadead Please continue to work on this. #10407 does not change the user stories of this PR.

@QuincyLarson
Contributor

Reopening this because the underlying passwordless functionality is still needed for updating the workflow.

@QuincyLarson
Contributor

@raisedadead I know you're recovering from the flu. I just wanted to check and see how this is coming along, and let you know that going passwordless is still a priority for us 😄

@raisedadead
Member Author

Hi @QuincyLarson, just got back. I plan to work on this from tomorrow. Sorry about the delay.

@QuincyLarson
Contributor

@raisedadead no need to apologize - thanks for helping us implement this!

@raisedadead
Member Author

Just a rebase of the mess that I created. Will be ready with the feature in the next push.

@BerkeleyTrue
Contributor

👍

@raisedadead
Member Author

Basic functionality is there out now… just some more validation touches and code optimisations and we are good (soon).

@QuincyLarson
Contributor

@raisedadead awesome - thank you for keeping us posted 😄

@raisedadead raisedadead changed the title [WIP] Implement Passwordless Authentication Implement Passwordless Authentication Oct 31, 2016
@raisedadead
Member Author

raisedadead commented Oct 31, 2016

This is mostly ready, but am at my wit's end for getting the request to complete when the link in the email is completed.

Basically I need to get the middleware invalidateAuthToken function to execute correctly.

Would appreciate a review and guidance from anyone.

@raisedadead
Member Author

Never mind my last comment. I figured out that I was just more sleepy than I should have been last night.

This is ready for QA.

@raisedadead raisedadead added status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. and removed status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. labels Nov 1, 2016
if (!isEmail(email)) {
return Promise.reject(
new Error('The submitted email not valid.')
);
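
Review bot: the error text in the `isEmail` guard reads 'The submitted email not valid.' and is missing its verb; it should be 'The submitted email is not valid.' If this string reaches the sign-in view, keep its wording consistent with the other user-facing messages in this flow.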

This comment was marked as off-topic.

email: email,
emailVerified: false
};
return User.findOrCreate$({ where: { email: userObj.email }}, userObj)
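
Review bot: `findOrCreate$` is keyed on `userObj.email` exactly as it was submitted, and nothing in these lines normalises it. Unless the address is trimmed and lower-cased before this point, two spellings of one mailbox that differ only in case resolve to two separate accounts; normalise it when building `userObj`, or confirm that this happens upstream. Because the call creates a record with `emailVerified: false` for any address that passes validation, the route that reaches it also needs a per-client rate limit so that unverified rows cannot be created in bulk.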

This comment was marked as off-topic.

.map(([ err, user, isCreated ]) => {
if (err) {
return dedent`
Oops, something is not right, please try again later.`;
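
Review bot: the `if (err)` branch returns the generic 'Oops' text and drops `err` without recording it, so a failing `findOrCreate$` leaves no server-side trace to diagnose. Log `err` before returning the user-facing message, and keep the detail out of the response as it is now.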

This comment was marked as off-topic.

'a few seconds';
debug('request before wait time : ' + timeToWait);
return dedent`
Please wait ${timeToWait} to resend an authentication link.`;
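
Review bot: the 'Please wait ${timeToWait} ...' response tells whoever submitted the form that a link was requested for this address within the wait window, which is more than the success message elsewhere in this PR ('If you entered a valid email, a magic link is on its way.') gives away. Consider returning that same generic confirmation when the request is throttled and keeping the wait time in the `debug` line only, or document why disclosing it is acceptable.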

This comment was marked as off-topic.

let emailTemplate = 'user-request-sign-in.ejs';
if (isCreated) {
emailTemplate = 'user-request-sign-up.ejs';
}

This comment was marked as off-topic.


return dedent`
If you entered a valid email, a magic link is on its way.
Please follow that link to sign in.`;

This comment was marked as off-topic.

.map((msg) => {
if (msg) { return msg; }
return dedent`
Oops, something is not right, please try again later.`;
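
Review bot: the fallback in this `.map` repeats the 'Oops, something is not right, please try again later.' literal that also appears in the `if (err)` branch and again just before the `.catch`. Hoist it into one named constant so the three paths cannot drift apart, and note in a comment which condition leaves `msg` empty here, since the visible lines do not show when that happens.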

This comment was marked as off-topic.

return dedent`
Oops, something is not right, please try again later.`;
})
.catch(error => {

This comment was marked as off-topic.

This comment was marked as off-topic.

return Observable.throw(new Error(
`Please wait ${timeToWait} to resend email verification.`
));
if (!isDev) {

This comment was marked as off-topic.

@@ -152,6 +153,9 @@ module.exports = function(app) {
);
}

AccessToken.findOne$ = Observable.fromNodeCallback(

This comment was marked as off-topic.

@raisedadead raisedadead changed the title Implement Passwordless Authentication [WIP] Implement Passwordless Authentication Nov 20, 2016
@raisedadead raisedadead added the status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. label Nov 20, 2016
emailVerified: false
};
return User.findOrCreate$({ where: { email }}, userObj)
.map(([ err, user, isCreated ]) => {

This comment was marked as off-topic.

@BerkeleyTrue BerkeleyTrue removed the status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. label Mar 17, 2017
@camperbot
Contributor

@raisedadead updated the pull request.

@raisedadead raisedadead added the status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. label Aug 29, 2017
@BerkeleyTrue
Contributor

woot!!

@raisedadead raisedadead removed the status: blocked Is waiting on followup from either the Opening Poster of the issue or PR, or a maintainer. label Aug 31, 2017
@raisedadead
Member Author

@BerkeleyTrue this is ready for QA. Please check when you can. Thanks.

@BerkeleyTrue
Contributor

Looks good. I'll merge when I get to a computer

@BerkeleyTrue
Contributor

merged!!!!!!!!!!!!!!!!!!!!
61d740b

✨ 🎊 🚀

I owe you a 🍺

Happy Coding!

@BerkeleyTrue BerkeleyTrue removed the status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. label Sep 2, 2017
@raisedadead
Member Author

@BerkeleyTrue awesome, thanks a lot for the QA. Do let me know how it goes when deployed?
Of course, let's grab some 🍺 when we do meet in person in future! 😄

@raisedadead raisedadead deleted the feature/passwordless-login branch September 2, 2017 15:17
7 participants