search

mozilla / openbadges-backpack

Mozilla Open Badges Backpack
https://backpack.openbadges.org/
Other
862 stars 263 forks source link

Can't push badges from passport.cancred.ca to Backpack #1124

Open dpresant opened 7 years ago

dpresant commented 7 years ago

Reported by email, 27 Feb: I'm in CanCred Passport trying push to Backpack and download to my laptop... all of this works fine on Open Badge Passport, hence my suspicion that it's an SSL certificate issue (see below).

SCENARIO 1: EXPORT TO BACKPACK

I go to:

Badges > Manage > Export

I select one badge for export to Backpack

I click the button: [Export selected badges to Backpack]

Result: "You are about to send 1 badge to your Backpack at backpack.openbadges.org. "

Click button: [Send]

Result: "You didn't add any open badges to your Backpack."

SCENARIO 2 : DOWNLOAD A BADGE

Badges > Manage > Export

I click on the download icon for one badge

Result: "400"

This is now different from before, which was:

{"message":"could not get assertion: unreachable","stack":"Error: could not get assertion: unreachable\n at makeError (/app/lib/analyze-assertion.js:6:26)\n at Request._callback (/app/lib/analyze-assertion.js:18:23)\n at self.callback (/app/node_modules/request/request.js:186:22)\n at Request.emit (events.js:95:17)\n at Request.onRequestError (/app/node_modules/request/request.js:845:8)\n at ClientRequest.emit (events.js:95:17)\n at CleartextStream.socketErrorListener (http.js:1610:9)\n at CleartextStream.emit (events.js:95:17)\n at SecurePair. (tls.js:1445:19)\n at SecurePair.emit (events.js:92:17)","code":"http-unreachable","extra":{"message":"CERT_UNTRUSTED","stack":"Error: CERT_UNTRUSTED\n at SecurePair. (tls.js:1430:32)\n at SecurePair.emit (events.js:92:17)\n at SecurePair.maybeInitFinished (tls.js:1029:10)\n at CleartextStream.read [as _read] (tls.js:521:13)\n at CleartextStream.Readable.read (_stream_readable.js:341:10)\n at EncryptedStream.write [as _write] (tls.js:418:25)\n at doWrite (_stream_writable.js:226:10)\n at writeOrBuffer (_stream_writable.js:216:5)\n at EncryptedStream.Writable.write (_stream_writable.js:183:11)\n at write (_stream_readable.js:602:24)\n at flow (_stream_readable.js:611:7)"}}

Previously reported by emai, 22 Febl: this problem just identified on CanCred Passport: users can no longer download badges (using Backpack to bake them) or export badges to Backpack.

(CanCred Passport is identical to Open Badge Passport - just on a Canadian server. But I don't observe the problem on Open Badge Passport)

Antti thinks it may be due to the fact that we changed our wildcard SSL certificate recently.

As an example, here's the URL for a badge I'm trying to download (could be any badge):

https://backpack.openbadges.org/baker?assertion=https%3A%2F%2Ffactory.cancred.ca%2Fv1%2Fassertion%2Fec2945b18cb7979ce2f8ef127943faa0b80d9193.json

Here's the error message:

{"message":"could not get assertion: unreachable","stack":"Error: could not get assertion: unreachable\n at makeError (/app/lib/analyze-assertion.js:6:26)\n at Request._callback (/app/lib/analyze-assertion.js:18:23)\n at self.callback (/app/node_modules/request/request.js:186:22)\n at Request.emit (events.js:95:17)\n at Request.onRequestError (/app/node_modules/request/request.js:845:8)\n at ClientRequest.emit (events.js:95:17)\n at CleartextStream.socketErrorListener (http.js:1610:9)\n at CleartextStream.emit (events.js:95:17)\n at SecurePair. (tls.js:1445:19)\n at SecurePair.emit (events.js:92:17)","code":"http-unreachable","extra":{"message":"CERT_UNTRUSTED","stack":"Error: CERT_UNTRUSTED\n at SecurePair. (tls.js:1430:32)\n at SecurePair.emit (events.js:92:17)\n at SecurePair.maybeInitFinished (tls.js:1029:10)\n at CleartextStream.read [as _read] (tls.js:521:13)\n at CleartextStream.Readable.read (_stream_readable.js:341:10)\n at EncryptedStream.write [as _write] (tls.js:418:25)\n at doWrite (_stream_writable.js:226:10)\n at writeOrBuffer (_stream_writable.js:216:5)\n at EncryptedStream.Writable.write (_stream_writable.js:183:11)\n at write (_stream_readable.js:602:24)\n at flow (_stream_readable.js:611:7)"}}

auralon commented 7 years ago

@cadecairos any ideas about how we might begin to address this?

cadecairos commented 7 years ago

backpack is using a fairly old version of NodeJS (0.10.48)

I suspect It's so old that CA's are signing certs with certificates it's not even aware of. I'd recommend trying to upgrate to the latest LTS branch of NodeJS.

dpresant commented 7 years ago

Update from our lead developer:

OK, changing certificates seems to fix the immediate problem. Cancred.ca is now running with Let's Encrypt cert and exporting badges to Backpack from passport.cancred.ca.

I think Backpack should upgrade to newer version of NodeJS as suggested.

I second his suggestion; we'd like to have more choice and predictability in what certificates we can use.

auralon commented 7 years ago

Sure thing, I agree. We need to bump the NodeJS version up and test all functionality, fix and problems and then push the changes out. I can't say when this will happen, but it's certainly something to stick on the roadmap.