Comments (4)
rtyley
commented on August 24, 2024
Hi @snim2 - so this checker was put in as a guard against hypothetical denial-of-service attacks against the public demo instance of gu:who at https://gu-who.herokuapp.com/ - the code for the check is here:
https://github.com/guardian/gu-who/blob/3041000b/app/lib/AuditDef.scala#L81-L85
The check doesn't require the organisation to be more that 3 months old, but does require that the organisation has at least one public member. (GitHub allows your membership of an organisation to be 'concealed' or 'public'). Any user account that was over a few months old stood more chance of being legit (ie not being a DOS-attack account).
Organisations can actually add any old random account they want to their org - I could randomly add Linus Torvalds to one of my own organisations if I wanted, without his consent, but he would have to mark his membership as public before anyone could see it, and that would show that he actively wanted to be a member of that org.
So, gu:who wants the account to be both oldish and a public member of the organisation.
Your account is certainly old enough, but you have not publicised your membership of your organisation (whatever it is). I can see only one organisation which you're publicly a member of (@RHOKBrum) on your profile, and I'm guessing that's not the one you're using for your tests? In order to get gu:who to run, you can just publicise your membership of your test organisation, or indeed, just remove the check.
The intended use-case of gu:who is on organisations are basically pretty big and pretty old, where people have lost track of who the heck all the people are. So this check doesn't seem too onerous, and I'd hoped that the error message was kind of self-explanatory, but I will see if I can make it clearer.
from gu-who.
rtyley
commented on August 24, 2024
Organisation @MYORG must have at least one *public* member whose account is over 3 months old
Actually, I'd really appreciate it if you could suggest a way I could make this message clearer, I think I'm too close to the code to find a way to phrase it better.
from gu-who.
snim2
commented on August 24, 2024
Well, for goodness sake. I didn't even know that it was possible to conceal membership of organizations. I guess they hide that sort of gnostic wisdom in docs.
Anyway, I have sent a pull request. I don't have a good dev environment where I am this evening, so I haven't been able to test this, but I think it is more helpful to a novice or unsuspecting user. Also, I don't know what your coding conventions are, so you might want to refactor.
HTH and thanks for responding so quickly.
from gu-who.
rtyley
commented on August 24, 2024
No worries, improved messaging merged in with 1d5e654 & 51f492e.
from gu-who.
Related Issues (20)
- 403 trying to post directly to service - CSRF Error HOT 2
- Oops, an error occured HOT 5
- Document the "bots" and "2fa_disabled" groups HOT 2
- Runs this regularly on a server? HOT 4
- bot user and access token requirements HOT 8
- mention the grace period in the issues that are open HOT 2
- make grace period configurable HOT 2
- add a test mode HOT 2
- warning confuses when issue closed in same comment HOT 1
- Protect against stupid operators who didn't fill out a users.txt before running HOT 9
- Add deployment process in readme HOT 1
- Heroku request timeout HOT 4
- User removed even though all requirements were addressed HOT 4
- Allow anonymous users HOT 3
- The issue for each problematic user is added twice during one audit HOT 4
- Outside collaborators HOT 1
- Users allowed to sponsor themselves
- Hosted and self-hosted instances of gu-who appear to be broken?
- Check references to master
- Update other build configuration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gu-who.