saltcorn / captcha

Captcha solutions
MIT License

can't change user role in useradmin because of captcha :) #3

Closed j2l closed 1 year ago

j2l commented 1 year ago

Because the admin user edit form is generated, captcha is always wrong when you need to change the role of another user.

j2l commented 1 year ago

Sorry to bother you @glutamate but this one is hurting pretty badly. Any idea how to adapt/remove captcha in useradmin?

glutamate commented 1 year ago

Yes I thought I had included code to avoid this but I will have a look.

glutamate commented 1 year ago

By the way is it possible to create/edit users using custom built views? Have you ever tried this @j2l ? If this doesn't work I think I should enable it, I think it could be good to allow custom forms for user management

j2l commented 1 year ago

Only /useradmin/ internal view has access to user role. If you prefer to add role access to custom view, that'd be even better!

glutamate commented 1 year ago

I meant, you can create List, Edit views with table = users. That way you can edit your users with field views that you decide. This is somewhat limited in terms of password resetting.

j2l commented 1 year ago

Maybe I didn't get something, even though I already made custom views for users. How could I add user's ROLE (staff, admin) to a user edit view?

glutamate commented 1 year ago

I see yes that would be a problem. I will fix the underlying issues so you can use the user form as normal, and later we can explore making custom views of users more powerful

j2l commented 1 year ago

Great!

glutamate commented 1 year ago

Hmm, I just tried to replicate this error and can't. Both with SVG and H captchas. What version of Saltcorn are you on and is captcha module the latest version (0.1.5)?

j2l commented 1 year ago

0.8.2, captcha 0.1.5 on a tenant, SVGcaptcha

Checkbox only appears when you switch from one captcha to another and don't CTRL+R the useradmin page (purge cache). That's another global issue: SC shows a cached version, not the actual page content, even with Disable JS/CSS asset caching, show full error to user on crash, enable editing field type checked.

j2l commented 1 year ago

Thanks for pointing me to Hcaptcha, this one is solvable in useradmin. Funny to tick pandas in a forest to change the role of a user but at least this one works.

j2l commented 1 year ago

Using HCaptcha, I don't know why but now I get an error when I click SAVE in useradmin: Error editing user: invalid input syntax for type boolean: "{"success":"P1_eyJ0eXAiOi...

BTW, I still have to force refresh (CTRL+R or F5) to really get the content.

j2l commented 1 year ago

The cache issue seems to be on my side, but I removed everything I could (Cloudflare cache, JS/CSS caching). @glutamate do you know by any chance where else I should search?

glutamate commented 1 year ago

Screenshot 2023-02-16 at 17 10 25

Set public cache TTL to 0 here

glutamate commented 1 year ago

What else do you have between your browser and the saltcorn server process? I found that Cloudflare caching does not work very well.

j2l commented 1 year ago

Thank you @glutamate

I didn't touch TTL, it was 0.

Do you use Traefik? And run on Docker?

j2l commented 1 year ago

> Using HCaptcha, I don't know why but now I get an error when I click SAVE in useradmin: Error editing user: invalid input syntax for type boolean: "{"success":"P1_eyJ0eXAiOi...
>
> BTW, I still have to force refresh (CTRL+R or F5) to really get the content.

@glutamate I had to remake host and tenant from scratch, and this error still pops up in 0.8.4.

More precisely, when I disable the custom signup form, captcha is a boolean and editing works. But when hcaptcha is used in a custom signup form, useradmin is broken (shows the captcha widget) and changing someone else's role raises the error above.

I tried dropping the captcha widget into a container with 'show if' NOT admin, but it doesn't work for useradmin/ still showing the captcha widget. I also tried the opposite: adding captcha twice, once visible as a widget and once as 'edit' (checkbox) in a container only if admin, but nobody can register anymore, a new user gets this message:

TypeError: Cannot read properties of null (reading 'success')
    at Object.postProcess (/plugin_packages/@saltcorn/captcha/hcaptcha.js:53:21)
    at Form.asyncValidate (/usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/data/models/form.ts:173:38)
    at /usr/local/lib/node_modules/@saltcorn/cli/node_modules/@saltcorn/server/auth/routes.js:930:27
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

I still don't get why useradmin is reusing custom signup by default. Could it have a checkbox to default userview to NOT using custom signup view?

I'm totally stuck, what could I do to help you on this one? Please, please, I know captcha is a pain but not being able to change a user role is breaking Saltcorn :smile: Thank you

glutamate commented 1 year ago

I'll have a look at this @j2l

glutamate commented 1 year ago

Fixed in https://github.com/saltcorn/saltcorn/commit/c5870bd11b5b9afc733a031de3d99f0f68027f36, I will release a new version to NPM and docker when it passes CI

j2l commented 1 year ago

Thank you very much @glutamate !!!

Looking at the commit to try to help beyond writing tickets: You add fvObj in it. Is it a checkbox or else?

glutamate commented 1 year ago

No, what was going on is that some views have an unsuitableAsAdminDefault flag to tell the admin interface that this field view should not be used in the admin forms. The captcha fieldviews have this. However there was a bug in looking this up: in the previous code it tried to look this up on f.fieldview which was in fact not a fieldview object but just the name of the field view. So the flag was never detected.

This is in a bit of code that tries to guess the right fieldviews for the admin user form. In general it looks through the signup forms to find a good field view, however we want to disable this for the captcha fieldviews hence the need for unsuitableAsAdminDefault

The result of all this is that it becomes a checkbox, yes.
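
The lookup bug described in the comment above, reduced to a small added example (not part of the original thread and not Saltcorn's code). Only `unsuitableAsAdminDefault`, `fvObj` and `f.fieldview` come from the thread; the registry, the sample field and the function names are hypothetical.

```javascript
// Added illustration, not Saltcorn source. The registry layout and the
// function names are assumptions made for this example.
const fieldviewRegistry = new Map([
  ["checkbox", { isEdit: true }],
  ["hcaptcha", { isEdit: true, unsuitableAsAdminDefault: true }],
]);

// Constructed sample: a field as configured in a custom signup form.
// Note that fieldview holds the *name* of the field view, not the object.
const signupField = { name: "captcha", type: "Bool", fieldview: "hcaptcha" };

// Before the fix: the flag is read from a string. Property access on a
// string primitive returns undefined instead of throwing, so the check
// silently never fires and the captcha widget lands in the admin form.
function adminFieldviewBuggy(f) {
  return f.fieldview.unsuitableAsAdminDefault ? "checkbox" : f.fieldview;
}

// After the fix: resolve the name to the fieldview object (fvObj) first,
// then read the flag. An unknown name is an error rather than a silent
// "flag not set".
function adminFieldviewFixed(f, registry, fallback = "checkbox") {
  const fvObj = registry.get(f.fieldview);
  if (!fvObj) {
    throw new Error(`unknown fieldview: ${f.fieldview}`);
  }
  return fvObj.unsuitableAsAdminDefault ? fallback : f.fieldview;
}

// Returns both results side by side for the constructed sample field.
function compareLookups() {
  return {
    buggy: adminFieldviewBuggy(signupField),
    fixed: adminFieldviewFixed(signupField, fieldviewRegistry),
  };
}

console.log(compareLookups());
```
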

glutamate commented 1 year ago

Released to docker and npm as 0.8.5-beta.1. Thank you for your patience @j2l

j2l commented 1 year ago

Great news! Thank you @glutamate, I'll have a nicer week :)