Closed abhishekbh closed 10 years ago
Prod is the same as GitHub but comment field is hidden for someone not logged in the API (in theory, for privacy) and always shows on dev, so I guess there's a bug with how it's being handled when someone is logged (it should show but it doesn't).
Cool, checking it out. Going to emulate prod env on dev.
Abhishek Bhatnagar
On Sep 20, 2013, at 18:00, Abhishek Bhatnagar notifications@github.com wrote:
Recreate:
- Create a datapoint
- Fill out a comment
- Hit save
- Open the same datapoint
- Comment will be empty
Tested in local development environment and everything seems to work okay there. Were there any changes that went on prod that were not registered in the git repo?
Kenya SOC
Interesting. We're not loading up the middleware while accessing any component of the API. Hence everyauth is not being loaded for the API at all.
The condition on adding on comment requires session.loggedIn to be true, but this is only set in everyauth.
So basically, every check of if (req.session.auth.loggedIn) in the API is failing.
This is causing minor bits of trouble like the issue above.
Working on a fix, though this is a long term API Authentication issue. In the short run, we can pass in the everyauth object manually into the API and have the user session validated via that.
I'm going to explore the long term fix first, if that doesn't work, will just do the latter. Open to suggestions of course.
Abhishek Bhatnagar
Are you sure it's always failing? The routes are also using the same calls; that's what makes the difference between the public visualization and the private ones (i.e., Kenya only accessible when logged in). This part works as far as I know.
Well, it doesn't seem like the object 'req.session' exists in any of the api calls. The reason is that the api routes are loaded differently from the 'route' routes. The latter go through middleware (lines 121 - 134 here: https://github.com/thesentinelproject/threatwiki_node/blob/master/app.js).
However, since we are sending in the app object to the api, we should still be able to find the user's login? It would exist as a child of the app object somewhere.
I might be wrong, but that's how things seem code wise?
Abhishek Bhatnagar
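The ordering problem described in the comment above, as an added example that is not part of the original thread and is not threatwiki_node code: a minimal Connect-style stack showing that an API handler registered before the session middleware never sees req.session, so the login check fails even for a logged-in user. The names createApp, sessionMiddleware, datapointApi, isLoggedIn and buildApp are hypothetical, and the session data is constructed.

```javascript
// Minimal Connect-style stack: handlers run strictly in registration order.
// All names are hypothetical; this is an illustration, not the project's code.
function createApp() {
  const stack = [];
  return {
    use(fn) { stack.push(fn); },
    handle(req) {
      const res = { body: null };
      let i = 0;
      const next = () => { if (i < stack.length) stack[i++](req, res, next); };
      next();
      return res.body;
    },
  };
}

// Stand-in for the session + everyauth middleware: populates req.session.auth.
const SESSIONS = { 'sid-alice': { auth: { loggedIn: true } } }; // constructed data
function sessionMiddleware(req, res, next) {
  req.session = SESSIONS[req.cookie] || { auth: { loggedIn: false } };
  next();
}

// Fail-closed check: a missing session counts as "not logged in" instead of throwing.
function isLoggedIn(req) {
  return Boolean(req.session && req.session.auth && req.session.auth.loggedIn);
}

// API handler: the private comment field is only returned to logged-in users.
function datapointApi(req, res, next) {
  if (req.url !== '/api/datapoint') return next();
  const doc = { title: 'constructed datapoint', comment: 'private note' };
  if (!isLoggedIn(req)) delete doc.comment;
  res.body = doc;
}

function buildApp(apiFirst) {
  const app = createApp();
  if (apiFirst) app.use(datapointApi);   // API mounted before the session exists
  app.use(sessionMiddleware);
  if (!apiFirst) app.use(datapointApi);  // API mounted after the session middleware
  return app;
}

const loggedInRequest = () => ({ url: '/api/datapoint', cookie: 'sid-alice' });
const anonymousRequest = () => ({ url: '/api/datapoint', cookie: null });

console.log(buildApp(true).handle(loggedInRequest()), buildApp(false).handle(loggedInRequest()));
```

With the API registered first, the logged-in request gets the datapoint without its comment; with the API registered after the session middleware, the comment is returned to the logged-in user and still withheld from the anonymous one.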
I don't know since I'm just answering on mobile and don't see the code (I would need some time to get back into it). As long as you're confident that it's the issue, everyauth has quite a lot of docs, so it can help you implement changes.
Recreate:
Tested in local development environment and everything seems to work okay there. Were there any changes that went on prod that were not registered in the git repo?
Kenya SOC