franklindyer / agora-app
Simple and (hopefully) secure social media application. Also a project for spring 2024 CS 444 cybersecurity class at UNM.

Python 61.84% Dockerfile 0.49% HTML 27.90% CSS 5.96% JavaScript 3.80%

agora-app's Issues

Automated test suite

There should be a suite of automated tests to run on new versions of the site before pushing to deployment. This could be as simple as a shell script performing each possible essential API call to the site, though ideally we would get more advanced with this in the future.

Blocked by #97. This isn't feasible with captcha protection turned on.

Encoding is causing the length of bug reports with certain characters to be miscalculated

The hypothesis is that the character limit of the bug report is being calculated on the client side via Unicode, and on the server side via ASCII. This is causing an issue when sending a bug report of maximum length (currently 5,000 characters) if the report has any characters that are encoded more compactly on the frontend vs the backend.

For example, sending 5,000 characters of "Moby Dick" (with some Unicode characters) is allowed through the frontend but is rejected on the backend. However, sending 5,000 letter "a"s is allowed through both the frontend and the backend.
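The mismatch described in this issue, as an added example (not code from agora-app): the same text measured the three ways a client or server might count it, and a server-side check that counts Unicode code points. The sample text and the 5,000 limit are the only inputs; the "Moby Dick" sentence is a constructed stand-in.

```python
# Added example, not from the agora-app repository. JavaScript's String.length
# counts UTF-16 code units, Python's len() counts code points, and a byte-based
# backend counts UTF-8 bytes; a limit enforced in different units on the client
# and the server disagrees as soon as the text contains non-ASCII characters.
MAX_CHARS = 5000  # the bug report limit stated in the issue

# Constructed sample: the opening of Moby-Dick with curly quotes, an em dash,
# an ellipsis and an emoji (the emoji is outside the BMP: 2 UTF-16 units).
SAMPLE = "\u201cCall me Ishmael.\u201d \u2014 some years ago\u2026 \U0001F40B"


def length_report(text: str) -> dict:
    """Return the three lengths a client or server might compute for `text`."""
    return {
        "code_points": len(text),                            # Python len()
        "utf16_units": len(text.encode("utf-16-le")) // 2,   # JS .length
        "utf8_bytes": len(text.encode("utf-8")),             # byte-counting backend
    }


def within_limit(text: str, max_chars: int = MAX_CHARS) -> bool:
    """Server-side check that counts code points, the unit the user sees."""
    return len(text) <= max_chars


def pad_to(text: str, n: int) -> str:
    """Build an n-code-point report by repeating `text` (demo helper)."""
    return (text * (n // len(text) + 1))[:n]


if __name__ == "__main__":
    print(length_report(SAMPLE))
    report = pad_to(SAMPLE, MAX_CHARS)
    # Passes the code-point check but is well over 5,000 UTF-8 bytes.
    print(len(report), within_limit(report), length_report(report)["utf8_bytes"])
```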

Users should be able to view their opinions

When visiting a post, a user should be able to see whether they currently like or dislike that post.

I think that this is currently missing support both on the backend and the frontend. That is, this info isn't being passed to the templates at all right now.

Email reset is broken

Email reset is broken because the form doesn't take into account the new password requirement.

I'm working on fixing this now, but this issue is for posterity.

Files of any type can be uploaded as "images"

This is done by specifying an image file extension in the uploaded file title (e.g., uploading my-script.js as my-script.png). The browser still processes this as the given file extension (e.g., .png), so it's not actually executing any code. However, the file is able to be hosted, which feels like a vulnerability.

We need more captchas

There should be more captchas to limit certain interactions like logging in, writing posts/comments, etc.

CSRF protection mechanisms

The site needs some defense mechanisms against CSRF. These include:

  • CSRF tokens linked to users' individual session cookies attached to all sensitive forms.
  • Referer-based blocking of malicious POST requests.
  • Configuration of content security policy.
  • Logging out should close all active sessions rather than just the one currently in use.
  • Require the user's current password before changing their email from the account page.
  • Use SameSite=Strict for session cookies.
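Three of the mechanisms listed above (session-bound CSRF tokens, Origin/Referer checking and a SameSite=Strict session cookie) as one added example; this is illustrative code, not agora-app's own. SECRET_KEY, SITE_ORIGIN, CSRF_TTL and the cookie name `session` are assumed placeholders.

```python
import hashlib
import hmac
import time
from typing import Optional

# Added example, not agora-app code: a CSRF token that is an HMAC over the session
# id and a timestamp, so it is only valid for the session it was minted for, plus
# an Origin/Referer check and a SameSite=Strict session cookie as further layers.
SECRET_KEY = b"PLACEHOLDER-app-secret"     # placeholder: load the real key from config
SITE_ORIGIN = "https://agora.example"      # assumed deployment origin
CSRF_TTL = 2 * 60 * 60                     # seconds a form token stays valid (assumed)


def _mac(session_id: str, ts: str) -> str:
    return hmac.new(SECRET_KEY, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()


def make_csrf_token(session_id: str, now: Optional[float] = None) -> str:
    """Mint "timestamp.mac" for the hidden field of a sensitive form."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, ts)}"


def check_csrf_token(token: str, session_id: str, now: Optional[float] = None) -> bool:
    """True only if the token was minted for this session and has not expired."""
    try:
        ts, mac = token.split(".", 1)
        age = (time.time() if now is None else now) - int(ts)
    except ValueError:
        return False
    if age < 0 or age > CSRF_TTL:
        return False
    return hmac.compare_digest(mac, _mac(session_id, ts))


def origin_ok(headers: dict) -> bool:
    """Second layer: Origin (or Referer) of a state-changing POST must be our site."""
    src = headers.get("Origin") or headers.get("Referer") or ""
    return src == SITE_ORIGIN or src.startswith(SITE_ORIGIN + "/")


def csrf_protected(headers: dict, form: dict, cookies: dict,
                   now: Optional[float] = None) -> bool:
    """Accept a state-changing request only when both layers pass."""
    sid = cookies.get("session", "")
    return (bool(sid) and origin_ok(headers)
            and check_csrf_token(form.get("csrf_token", ""), sid, now))


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value: not sent on cross-site requests, not readable by JS."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Strict"
```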

There should be a rate limit on password resets

After a certain number of requested password reset emails, a person should have to put in their recovery code to get another email. This is to prevent DoS attacks on a user with a known email.

Sessions last forever

Session token expiration isn't implemented yet. This won't be hard to implement, so this issue will just serve as a reminder that it needs to get done before the end of the development phase.

Docker image runs as root

This is a bad practice! Need to figure out how to allow non-root user inside of the Docker image to still be able to access the contents of volumes.

Accessid confusion in user pfps

There is no reason for the pfp column of the users database table to refer to images by their imgid rather than their accessid. This just makes everything more confusing. The whole AgoraDatabaseManager and the database schema should be refactored so that pfp refers to images by their accessid instead. Some tweaks may also need to be made to templates.

New db connection opened for each command to AgoraDatabaseManager

AgoraDatabaseManager should not open a brand new connection for each command. A new connection for each thread (responding to a web request) would be reasonable. Alternatively, we could use a single connection (or a small finite fixed number of them) and use an async task queue.

Rate limiting for user actions is needed

To prevent users from writing their own bots to abuse the API, some sort of rate limiting needs to be implemented for actions that require users to be logged in. This could be as simple as keeping track of the user's last write action, and preventing any further write action that occurs before a (short) delay has passed.

Embedding images is not user-friendly

Users should not be required to copy the link in the address bar of one of their uploaded images to embed it in a post. There should be a shortcut for copying a relative link to your image (e.g. /userimg/abc123) to the clipboard, so that users can easily attach images to their posts.

XSS vulnerability in user posts

Python's markdown.markdown will not clean <script> elements from users' posts. Maybe we can use something like the bleach package to remediate this.
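An added example (not agora-app code) of the allowlist approach that a library like bleach applies to the HTML that markdown.markdown() emits: only a fixed set of tags survives, only `href` survives on links and only with an http/https/relative target, and the bodies of `<script>`/`<style>` are dropped entirely. The tag allowlist is an assumption chosen for this illustration; it uses only the standard library.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example, not agora-app code: allowlist sanitizer run over the HTML that
# markdown.markdown() produced, before it is placed in a template.
ALLOWED_TAGS = {"p", "em", "strong", "code", "pre", "a", "ul", "ol", "li",
                "blockquote", "br", "h1", "h2", "h3"}    # assumed allowlist
VOID_TAGS = {"br"}                                        # no closing tag emitted
DROP_CONTENT = {"script", "style"}      # tags whose text must never reach the page


def safe_href(url: str) -> bool:
    """Allow only http(s) and relative links (rejects javascript:/data: URLs)."""
    scheme = urlparse(url.strip()).scheme.lower()
    return scheme in ("http", "https", "")


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0           # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                    # unknown tag: drop the tag, keep its text
        attr_text = ""
        if tag == "a":                # every other attribute is discarded
            href = dict(attrs).get("href") or ""
            if safe_href(href):
                attr_text = f' href="{html.escape(href, quote=True)}" rel="noopener"'
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:       # text is always re-escaped on output
            self.out.append(html.escape(data, quote=False))


def sanitize(rendered_html: str) -> str:
    """Sanitize markdown output; comments, declarations and unknown tags vanish."""
    p = Sanitizer()
    p.feed(rendered_html)
    p.close()
    return "".join(p.out)
```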

Post writing needs an overhaul

Some things I would like to change about the post writing page:

  • Create a more intuitive way to include images in a post.
  • Add something directly on the page that will guide users' usage of markdown - either a link to an existing guide, or something we have written.
  • Have a preview available that will let a user preview their post (in rendered markdown) before posting.
  • Add support that allows a user's post to be saved locally so that they will not lose anything in case they are logged out or refresh/leave the page before posting.
  • Tweak and/or remove some markdown processing, such as the stripping newline behavior.

Bug reports are broken

(Ironically)

Attempting to submit a bug report redirects to login, so it's not possible to actually submit a report.

Handling of deleted posts/users for forensic purposes

Right now, when a user deletes their account or deletes a post, the account/post is completely erased. This is inconvenient for triaging suspicious events by looking at the logs: logs refer to users/posts by their IDs, but the logs may refer to a user or post that no longer exists. Even worse, the log might refer to a deleted user by their ID, and a newer user might currently possess that ID, meaning that the log event might be misattributed.

Not sure yet how to fix this. Thoughts?

One idea is that we might not exactly "delete" users/posts, but rather "archive" them, so that they appear deleted to all other users but are still available for forensic purposes.

Decouple application from external services

The app should be decoupled from some of the external APIs upon which it relies, namely Mailgun and reCaptcha.

Ideally, the following things should be changed:

  • The AgoraEmailer should be made into an interface, of which the Mailgun emailer is only one implementation
  • Other emailers should be available, e.g. one that uses Gmail, or one that uses Discord or text messaging
  • It should be possible to run the application without using captchas at all
  • Captcha usage should be abstracted through an interface, so that services other than reCaptcha can be used
  • The database manager should support other SQL DBMSs

Following a `confirmemail` link has a confusing result

When not logged in, following a confirmemail link leads users to the login page. This is confusing behavior, and users should be notified that their email has been successfully confirmed rather than taken to /login.

Image loading is fucky

Images load slowly (with a significant flash of alt text), and sometimes don't load at all (and only show alt text).

Recovery tokens should be in-site, not in emails

Delivering recovery codes to users' inboxes in plaintext is a security weakness. Instead, a one time link should be delivered to users' inboxes, through which they can visit a page on the site that will show them their recovery code only once. After leaving that page, it is up to the user to have stored the recovery code in a safe place.
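The one-time reveal link described above, as an added example that is not agora-app's own code: only a hash of the emailed token is stored, the token expires, and it is consumed on first use, so the recovery code is shown exactly once. The in-memory dict stands in for a database table, and LINK_TTL and the `recovery_codes` lookup are assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional

# Added example, not agora-app code: issue and redeem one-time "reveal your
# recovery code" links. Storing only a hash means a database read does not yield
# usable links; pop-on-redeem makes each link single-use.
LINK_TTL = 15 * 60   # seconds a reveal link stays valid (assumed value)


class RevealLinks:
    def __init__(self, clock=time.time):
        self._clock = clock
        # token_hash -> (user_id, expires_at); a DB table in the real application
        self._pending: dict[str, tuple[int, float]] = {}

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: int) -> str:
        """Create the token that goes into the email; only its hash is stored."""
        token = secrets.token_urlsafe(32)
        self._pending[self._h(token)] = (user_id, self._clock() + LINK_TTL)
        return token

    def redeem(self, token: str, recovery_codes: dict[int, str]) -> Optional[str]:
        """Return the user's recovery code once; None if unknown, used or expired."""
        entry = self._pending.pop(self._h(token), None)   # consumed even if expired
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return recovery_codes.get(user_id)


if __name__ == "__main__":
    links = RevealLinks()
    codes = {7: "ABCD-EFGH"}          # constructed: user 7's stored recovery code
    t = links.issue(7)
    print(links.redeem(t, codes))     # the code, shown once
    print(links.redeem(t, codes))     # None: the link is spent
```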

Status input box doesn't wrap

When a user is on their own profile, the info box to update their status does not wrap. It can be fixed by changing the input element to a textarea element, but that solution requires js. Therefore, I am keeping this as an open issue until I decide to go back and set up js for our various features that require it. In the meantime, this behavior works (it's just bad looking) and is clean.

Browse should have an algorithm

Right now, browsing users or posts just lists all the posts and users on the site. Really, we want to show the X latest posts, and possibly something similar for the users.

Frontend TODO list

  • Friends - friend request button; friend requests list; delete friends
  • Password recovery
  • Bug reporting page / contact us page
  • Account settings confirmation page (some page with a secondary confirmation before attempting to change email/password)
  • Liking and disliking posts buttons
  • Image uploading, linking, and viewing
  • Change profile pictures

Cosmetic / low importance:

  • Password verification check ("confirm your password" field)
  • Post and comment writing boxes that dynamically resize based on content

@franklindyer Please feel free to add a comment to this issue if you notice any additional TODO items that aren't listed here, and I'll add them.

Require captchas at least for account creation

As I work on the account creation login I'm realizing that it would be easy for a user to spam-create + verify accounts and block off a lot of usernames that way, e.g. using email aliasing to have a bunch of unique email addresses. It occurs to me that we should probably incorporate captchas into the site somehow, at the very least for account creation.

Account info modification form POSTs to wrong url

It looks like the form on the user account page by which one edits their account info is POSTing to the wrong path. In my server logs it's showing a POST request to /user/account, but I think it should just POST to /account. This results in a "method not allowed" message being displayed to the client when they press enter to save their usernames/status/whatever.

@altheaden
