Invalidusernames command

[megoth]

This is my attempt at fixing #824.

A lot of things happening here, but it boils down to a command with two options:

• [solid] invalidusernames: Will list all invalid usernames that exists on the server today
• [solid] invalidusernames --notify: Will go through all invalid accounts with invalid usernames and
  1. Make a backup of their existing index.html (move it to index.backup.html)
  2. Create a new index.html that contains info that this account will be deleted in two weeks (based on the new template default-views/account/invalid-username.hbs)
  3. Send an email (if available) with the same notification (based on the template new default-templates/emails/invalid-username.js)
• [solid] invalidusernames --delete: Will delete all accounts with invalid usernames

I've also added a new option in the init script that prompts for a support-email for POD-providers (this will only show if the multiuser-property is set to true). As part of this I made use of the isEmail-method in https://www.npmjs.com/package/validator, which I understand from #916 might not've been the most well-thought through decision.

I've tried writing some tests, but find it difficult to write tests for a lot of this =/

Any and all feedback are (as always) appreciated, and I hope I'm not too far off with this solution.

[RubenVerborgh]

Why is there both a invalid-username.hbs and .js?

[megoth]

• invalid-username.hbs is for generating the index.html that replaces the (backed up) index.html in a user's POD
• invalid-username.js is for generating the email that is sent (if email address is available)

[Ryuno-Ki]

I could be wrong, but isn't this the default behaviour in CommonJS?

[megoth]

Yeah, you're right, it's unnecessary. I'll remove it.

[Ryuno-Ki]

Think about using a logger library (likely a new issue). My favourite is loglevel (because it's simple and supports plugins).

winston is popular also.

This way you can fine-tune the logging.

[dmitrizagidulin]

Definitely a new issue, the required changes would be server-wide.
That said, it /should/ eventually be done, since one of the most frequently requested features about logging is timestamps, which our current logger does not support.

[RubenVerborgh]

Logging is great for long-running processes (and the server has logging), but this is just a short one-time job.

[megoth]

Ah, actually, I should probably reuse debug that's laid out via lib/debug.js.

[megoth]

We might consider a logger too, but yeah, that should be its own issue.

[Ryuno-Ki]

#920

[Ryuno-Ki]

Is that the only occurence of fs?
If so, would const { readFile } = require('fs') work also?

[Ryuno-Ki]

Plus const { promisify } = require('util').

[dmitrizagidulin]

After Node 8, I'm pretty sure all fs methods have a Promise interface natively, so the promisify is not even needed.

[RubenVerborgh]

https://nodejs.org/api/fs.html#fs_fs_promises_api currently has stability: experimental.

[dmitrizagidulin]

currently has stability: experimental.

Ohhh right, I was thinking about fs-extra, never mind :)

[megoth]

Ok, I'll write away promisify.

[Ryuno-Ki]

My personal view: I move the implementation of the action into another file / function.
This way I can have different interfaces for it (CLI, Web UI etc).
Plus, it is easier to test.
Plus, it is a separation of concerns (CLI vs. using the lib).

[megoth]

I would do it 100% if I thought this code was reusable, which I'm leaning toward it isn't =/

As I mentioned earlier, I found it difficult to write tests for this. It relies on a lot of file-based functionality, which makes it unsuited for unit tests. I could write integration tests, but didn't see any for the other commands, so didn't know how to attack it.

[Ryuno-Ki]

From an Angular point of view I'd argue with Dependency Injection.
That is, providing the fs as an argument to the function.
But it feels meh somehow.

[megoth]

I'm not that familiar with dependency injection in Node. I've tried MockRequire earlier, but my tests always turned a nightmare to maintain.

[Ryuno-Ki]

Hm, I wonder, whether const host = SolidHost.from({ config }) would work.
Like in Unpacking fields from objects passed as function parameter

[megoth]

I reckon you mean const host = SolidHost.from(config)? (As const host = SolidHost.from({ config }) is a shortcut for const host = SolidHost.from({ config: config }).)

Could work, but I wanted to stay specific reg this.

[dmitrizagidulin]

Agreed, more specific is better in this case (since it's clearer which args are actually used)

[Ryuno-Ki]

Fair enough.

[Ryuno-Ki]

Personally I don't like functions with so many arguments. I consider them a code smell.
Like the function trying to do too much.
It helps to have smaller functions, which are then called in order.

[megoth]

I don't like long signatures either, but in this case it's not really reusable functions, but I wanted more readable code by splitting it up into "logical" chunks of code (in what I hope is good named functions).

But yeah, if we wanted to reuse this functionality, I should probably restructure it a bit to decrease the length of the signatures.

[Ryuno-Ki]

Well, if you are struggling with writing tests, this should be argument enough to break the function up, shouldn't it?

[megoth]

If I knew how to break up this code into reusable, testable functions, I would do it ;)

[Ryuno-Ki]

Okay, I can write the high-level steps I see. Implementation goes into the functions then …

async function createNewIndexFile (/* arguments */) {
  if (isBackupNeeded(/* arguments */)) {
    await Promise.all([
      backupIndexHtml(/* arguments */)
      backupAcl(/* arguments */)
    ])
    await Promise.all([
      generateNewIndexHtml(/* arguments */)
      generateNewAcl(/* arguments */)
    ])
    logCompletion(/* arguments */)
  }
}

or maybe group the backup + creation into a single function (like an transaction).
You may want to timestamp the index.backup.html also.

[Ryuno-Ki]

Plus, looking at the function name, createNewIndexFile is misleading, since it does more than it says …
so its caller would need to call more functions.

[Ryuno-Ki]

IIRC I've read in the docs, that other auth managers (than oidc) would be supported as well.
So I am wondering here, why it has to be oidc.
Maybe add an comment? Could be that it is a „stupid question” for contributors familiar with the code.

[megoth]

No, it's not a stupid question; We support WebID-TLS and WebID-OIDC now, and WebID-TLS don't store user-data like WebID-OIDC does. (If I'm wrong, pleasepleaseplease correct me =P )

I could try to abstract away the OIDC-part of this, to accommodate future auth managers better, but I think that's going to might take a long time (for me, at least - I'm not that into auth managers yet). So I was thinking this can be done when we implement support for other auth managers.

[Ryuno-Ki]

Maybe you could leave a comment here, so the next person touching the code knows your thoughts (since I'd not look up the associated PR immediately, but rather git blame …).

I don't know the conventions in this project, though.

[Ryuno-Ki]

This is still in documentRoot, i.e. accessible from the Internet (for everybody?)?

[megoth]

Oh, should probably copy the acl-file as well O_O

[Ryuno-Ki]

Why exactly userDirectory.length - hostname.length - 1?

[megoth]

Userdirectory can be read as [username].[hostname], so it's to remove the dot between username and hostname.

[Ryuno-Ki]

Is it fixed that there must be a dot?
If so, can't you split the hostname (and take the second-to-last value)?

[Ryuno-Ki]

Shouldn't that go into an else branch?

[megoth]

Oh, forgot a return in the if-block (that's at least how I like to write that logic).

[Ryuno-Ki]

If you ever struggle with datetimes, look at date-fns or moment.

[megoth]

Yeah, I prefer the former, but didn't want to include it just for this.

[Ryuno-Ki]

Maybe more readable as .filter(user => Boolean(user.emailAddress))?

[dmitrizagidulin]

I disagree, !! is more standard, and is used throughout our libs.

[Ryuno-Ki]

!! reminds me on the output of uglify :-)
But being used throughout is a valid argument.

[Ryuno-Ki]

Why do you use path.join when the second argument is not OS-agnostic?

[megoth]

Was planning to see if I could find another a way to reference default-views/account, but forgot about it. I'll make another try, or at least fix this to be OS-agnostic.

[Ryuno-Ki]

Maybe refer to username policy somehow? I'd be wondering, what exactly is in there if I would receive such an e-mail.

[megoth]

I don't think this is necessary, but open to be convinced otherwise.

[Ryuno-Ki]

Huh? An empty tag?

[megoth]

Will remove.

[Ryuno-Ki]

Why not an h1? Semantic Web and so on.

[megoth]

Because of legacy; the other views use h4 (I reckon they did it like this initially because they thought h1 was to big; We (mostly) use bootstrap (3.3.4) for the presentation).

[dmitrizagidulin]

@megoth hehe, that's exactly why, h1 was too big on bootstrap :)

[Ryuno-Ki]

https://getbootstrap.com/docs/3.3/customize/#typography *cough

[Ryuno-Ki]

I left some comments while walking through the files.

[kjetilk]

Great with a lot of comments, I just wanted to note that this code will most likely run only once, so it is not worth spending too much time on it.