search

dwyl / smart-home-auth-server

The authorisation server for dwyl/smart-home-security-system
GNU General Public License v2.0
5 stars 1 forks source link

Deploy Staging App to Heroku? #14

Closed nelsonic closed 4 years ago

nelsonic commented 4 years ago

As noted in https://github.com/dwyl/smart-home-firmware/issues/15#issuecomment-670084031 I think it might be more effective to run the "Hub" Phoenix App on Heroku instead of trying to run it on CI. By auto-deploying the latest master version to Heroku it's always current and we can debug things independently.

I have created a brand new (separate) Heroku Account so that the App gets the full 550 "free dyno hours" and we never have to worry about it being unavailable/offline. https://github.com/dwyl/email/issues/38 | https://github.com/dwyl/auth/issues/88 #LessonLearned 🙄

image

Let me know your thoughts on this, I don't mind doing the setup and will share the access to the app once it's working.

nelsonic commented 4 years ago

App Created and Connected to GitHub for deployment on CI success: image

Will need to add a few files and environment variables to make it work on Heroku, But I think it will be worth while to have a demo/staging version of the App. 💭

nelsonic commented 4 years ago

I've added Postgres, the Elixir Build Packs and the AUTH_API_KEY environment variable to the Heroku App. I will work on the rest after standup.

th0mas commented 4 years ago

This looks good, this should work well for testing as our firmware clients can't change the state of the Hub server, so we should be okay for running parallel tests etc.

nelsonic commented 4 years ago

@th0mas cool. thanks for confirming. I will proceed with deploying the app then. 👍

nelsonic commented 4 years ago

Deployment is blocked by failing tests #15 ⛔ @th0mas please address and LMK when I can proceed. ✅ Thanks! 🌻

nelsonic commented 4 years ago

Continue: https://dashboard.heroku.com/apps/smart-home-auth-server

nelsonic commented 4 years ago

image

GenServer #PID<0.258.0> terminating
** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) role "tomh" does not exist
nelsonic commented 4 years ago

Had to update config/dev.exs

From: https://github.com/dwyl/smart-home-auth-server/blob/67f9883c6e21c50e8bf334018cfca42b27295474/config/dev.exs#L4-L8

To:

# Configure your database
config :smart_home_auth, SmartHomeAuth.Repo,
  username: "postgres",
  password: "postgres",
  database: "smart_home_auth_dev",
  hostname: "localhost",

As per the "Run" instructions: https://github.com/dwyl/smart-home-auth-server/tree/67f9883c6e21c50e8bf334018cfca42b27295474#run

nelsonic commented 4 years ago

Deployed: image

https://smart-home-auth-server.herokuapp.com image

However after authenticating with my Google Account I see the following 500 Error Page: image

Heroku Logs for the request: image

2020-08-07T21:19:42.942810+00:00 app[web.1]: ** (exit) an exception was raised:
2020-08-07T21:19:42.942852+00:00 app[web.1]:     ** (Protocol.UndefinedError) protocol Phoenix.HTML.Safe not implemented for %{errors: %{detail: "Internal Server Error"}} of type Map. 
This protocol is implemented for the following type(s): Decimal, Phoenix.LiveView.Comprehension, Phoenix.LiveComponent.CID, Phoenix.LiveView.Component, Phoenix.LiveView.Rendered, 
Phoenix.HTML.Form, Integer, BitString, NaiveDateTime, Atom, Time, List, Tuple, Date, DateTime, Float
2020-08-07T21:19:42.942853+00:00 app[web.1]:         (phoenix_html 2.14.2) lib/phoenix_html/safe.ex:1: Phoenix.HTML.Safe.impl_for!/1
2020-08-07T21:19:42.942854+00:00 app[web.1]:         (phoenix_html 2.14.2) lib/phoenix_html/safe.ex:15: Phoenix.HTML.Safe.to_iodata/1
2020-08-07T21:19:42.942854+00:00 app[web.1]:         (phoenix 1.5.3) lib/phoenix/controller.ex:776: Phoenix.Controller.render_and_send/4
2020-08-07T21:19:42.942854+00:00 app[web.1]:         (phoenix 1.5.3) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5
2020-08-07T21:19:42.942855+00:00 app[web.1]:         (phoenix 1.5.3) lib/phoenix/endpoint/render_errors.ex:64: Phoenix.Endpoint.RenderErrors.__catch__/5
2020-08-07T21:19:42.942855+00:00 app[web.1]:         (phoenix 1.5.3) lib/phoenix/endpoint/cowboy2_handler.ex:65: Phoenix.Endpoint.Cowboy2Handler.init/4
2020-08-07T21:19:42.942856+00:00 app[web.1]:         (cowboy 2.8.0) /tmp/build_58a8ba63/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
2020-08-07T21:19:42.942856+00:00 app[web.1]:         (cowboy 2.8.0) /tmp/build_58a8ba63/deps/cowboy/src/cowboy_stream_h.erl:300: :cowboy_stream_h.execute/3
nelsonic commented 4 years ago

@th0mas when you're back from time off. It would be good to pair on this. 💭

nelsonic commented 4 years ago

Re-reading: https://hexdocs.pm/phoenix/heroku.html#making-our-project-ready-for-heroku 🔍

nelsonic commented 4 years ago

Ran the migration on Heroku:

heroku run "POOL_SIZE=2 mix ecto.migrate"

Restarted the App.

Boom. Works.

https://smart-home-auth-server.herokuapp.com image

nelsonic commented 4 years ago

PR #19 assigned to @th0mas for when we're all back at our desks in a 10 days time. 👍

nelsonic commented 4 years ago

@th0mas please share the email address you use for Heroku on Signal so I can make you a collaborator so you can heroku logs --tail if you need to debug. 👍

th0mas commented 4 years ago

App deployed to Heroku and made accessible to collaborators, closing 👍

th0mas commented 4 years ago

image

Can't seem to log into the auth server hosted on heroku?

nelsonic commented 4 years ago

Works via Google Auth: image image

No logout implemented ... let me remove session manually.

Confirmed login with GitHub failing: image

Uses https://github.com/dwyl/elixir-auth-github under the hood. Checking: https://github.com/dwyl/elixir-auth-github-demo image

GitHub Auth Works: image

Ok, now checking if the auth_plug works via: https://github.com/dwyl/auth_plug_example image image

So I think the issue is that GitHub Auth is not passing through the email address. This issue was noted in: https://github.com/dwyl/elixir-auth-github/issues/46 We need refactor Auth a bit so that the person record allows for username as the backup to email such that GitHub login can succeed even if the person has their email address hidden. 💭

th0mas commented 4 years ago

@nelsonic is it safe to say that the issue above is an Auth issue and a thread should be created there? That would allow us to close this issue thread

nelsonic commented 4 years ago

@th0mas yeah, it's definitely an auth issue. 👍

SimonLab commented 4 years ago

We need refactor Auth a bit so that the person record allows for username as the backup to email such that GitHub login can succeed even if the person has their email address hidden

The possible future issue by using the Github username when the email is not available is that the username can be changed in Github: https://docs.github.com/en/enterprise/2.14/user/articles/changing-your-github-username

image

At the moment the email is used to retreive or create the person: https://github.com/dwyl/auth/blob/fafc5e059d65de420b4d99bf1d15ac45a3bcda12/lib/auth/person.ex#L222-L237

So using the username when the email is not defined could possibly allow another person to access information of a user who has recently updated her username.

I suggest that instead of allowing people to login/register with Github when the email is hidden we display an error message explaining that an email is required.

nelsonic commented 4 years ago

@SimonLab Yeah, requiring email when their GitHub account does not return one could be a better option. (more work but better)