obsolete.op-identity-provider-server-php's People

Contributors

andrejsolar, cadorn, orahkokos

obsolete.op-identity-provider-server-php's Issues

Install PHP >= 5.4.

Install PHP >= 5.4 on the Lockbox instance in order for hex2bin() to be possible.

After that reassign back to me, so that I can refactor accordingly.

SMS and SMTP Configs

Make sure SMS and SMTP configs aren't compromised by auto-deploy, just the same as for config.php. These files are in the ...app/config/special/ directory

Parameter Name Not Being Sent On Sign-up

Here is identity service's behavior:
https://gist.github.com/robin-raymond/365ba504527e4dfe328c

The "name" field is returned empty because it is not set in the database. It can be set only upon sign-up on identity provider, when identity provider sends hosted-identity-update. That request is checked and works correctly.

So, the issue is most probably that JS does not send "name" to PHP service on sign-up.

Example sign-up with "displayName":
{
    "request": {
        "$domain": "provider.com",
        "$id": "abc",
        "$handler": "identity-provider",
        "$method": "sign-up",

        "identity": {
            "type": "federated",
            "identifier": "adriano",
            "passwordHash": "adjfhgqiu4rt346ruyegurfguaiy4tr4",
            "secretSalt": "hwyuig5yg5tjhsvrktyg5jgk5ygt54",
            "serverPasswordSalt": "wuiywg5tg765tiuysut6tsuygrtuue45",

            "displayName": "Adriano Maljkovic"
        }
    }
}

  • Please note: in JS<->PHP communication it is still called "displayName", but it's the same thing as "name" on Java side.

Register identity.hookflash.me

  • register identity.hookflash.me with HCS on Lockbox instance using test client as Customer Portal.
  • setup all the id provider configuration based on what Java returned as a result of provider-create

DB Schemas Dumping Wrong DBs

9477369

8b380e0

In these commits ^^ wrong DBs have been dumped. Inside the op-identity-provider-server-php project no DB but the one called 'provider_db' can be dumped. This is a public repo and can have public dbs only. Other DBs, like hf_password1_db, hf_password2_db and hf_service_db, do not belong here. They should be private and can be dumped inside the hcs-servers-java repo.

Handle Sign-up With Existing User

If an existing username is sent in a sign-up request, the server will respond with:

{
    "result": {
        "$domain": "provider.com",
        "$id": "abc",
        "$handler": "identity-provider",
        "$method": "sign-up",
        "$epoch": "1380547206",
        "error": {
            "reason": {
                "$id": "403",
                "message": "Identity already exists: identity of type: 'federated' with identifier: 'adi' cannot be created."
            }
        }
    }
}

Please return this error message to the client.

Cascade Delete Won't Work

Scenario:

  1. sign-up a user against identity provider (let's say federated)
  2. try deleting the user using SQL:
    delete from user where user_id=<USER_ID>
  3. It will be deleted in user table, but remains forever in federated table.

Hosting Data Returned On Login

As a result of the login request, among other stuff, the server should return the hosting data, which consists of the hostingProof and expiry.

It should be given in this format:

"hostingData": {
    "nonce": "ghjg3y467trfyutfr67u5r345",
    "hostingProof": "bg8fi674trystgye5t897t458utseou5t8964st89s5t76",
    "hostingProofExpiry": 3744896567
}

Example provider friends list for rolodex

I've been thinking that the example provider should make an "auto friends list" for the rolodex. This list should include all friends under the same app ID.

This would make a good way to easily test the application by us and others but not create a massive impossible list over time since the list is scoped just to those who share the same app ID.

What do you think?

cc: @adriano-maljkovic

Test Page

Create a new page at /test-service that I can hit with a POST request to test the identity provider setup.

It should try to connect to mysql and maybe do some other things and then return with 200 if ok or 500 if not.

Normalize Username

All usernames entered by a client should be normalized on JS side before being passed to any server. The normalization means to lower-case.

identity is not normalized

Robin is not same username as robin

identity://foo.com/robin

We should normalize all usernames that are case insensitive so the identity URI is stable / identical.
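An added example (not code from this repository) covering both normalization issues above: it canonicalises `identity://domain/username` URIs by lower-casing, and lists stored identities that differ only by case. Trimming whitespace and rejecting whitespace or `/` inside a username are assumptions of this sketch; the function names and sample data are constructed.

```javascript
// Lower-case with the locale-independent String.prototype.toLowerCase().
// toLocaleLowerCase() is avoided on purpose: under a Turkish locale "I"
// becomes dotless "ı", so the same username would normalize differently
// depending on the device it was typed on.
function normalizeUsername(raw) {
  if (typeof raw !== "string") throw new TypeError("username must be a string");
  const name = raw.trim().toLowerCase(); // trim is an assumption of this sketch
  if (name === "" || /[\s\/]/.test(name)) throw new Error("invalid username");
  return name;
}

// Split an identity URI, normalize domain and username, and rebuild it.
function normalizeIdentityUri(uri) {
  const m = /^identity:\/\/([^\/]+)\/([^\/]+)$/i.exec(String(uri).trim());
  if (!m) throw new Error("not an identity URI: " + uri);
  return "identity://" + m[1].toLowerCase() + "/" + normalizeUsername(m[2]);
}

// Group raw URIs by canonical form. A group with more than one distinct
// spelling means two stored identities collapse into one after normalization.
function findCaseCollisions(rawUris) {
  const groups = new Map();
  for (const raw of rawUris) {
    const key = normalizeIdentityUri(raw);
    if (!groups.has(key)) groups.set(key, new Set());
    groups.get(key).add(raw);
  }
  return [...groups]
    .filter(([, variants]) => variants.size > 1)
    .map(([canonical, variants]) => ({ canonical, variants: [...variants] }));
}

// Constructed sample data, not taken from any real database.
const SAMPLE_URIS = [
  "identity://foo.com/robin",
  "identity://foo.com/Robin",
  "identity://FOO.com/alice",
];
```

Running `findCaseCollisions` over existing identifiers before switching on normalization shows which accounts would merge.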

Streamline browser visibility

Browser visible notification seems to get sent when not needed after facebook oauth.

Notification may also be sent too early before facebook oauth.

Another notification may get sent later with the grant service when already granted. (depends on #38)

IAccount shutdown state never reached

Scenario:

It looks like it is having difficulties shutting down the socket.

ICESocket [74] waiting for sockets to shutdown, total=1 @services_ICESocket.cpp(1126) [cancel]
stack::Account [66] shutdown still waiting for RUDP socket to shutdown @stack_Account.cpp(2090) [cancel]

Implement Cross-system database clearing mechanism - ID Provider side

Once CPS gets the devtools-database-clean request, it will perform a devtools-database-clean-provider request on every provider listed in the request.

Example:

{
    "request": {
        "$domain": "provider.com",
        "$id": "abc",
        "$handler": "identity",
        "$method": "devtools-database-clean-provider",

        "nonce": "",
        "hostingSecretProof": "",
        "hostingSecretProofExpires": "",
        "purpose": "",
        "appids": [
            "",
            "",
            ""
        ]
    }
}

ID provider .well-known/openpeer-services-get GET

https://idprovider.com/.well-known/openpeer-services-get

This request should ALWAYS be hit as a GET request. The 302 redirect that happens after this request will be sent to a different URL whereupon a POST request will be issued with the original domain.

Thus for hosting scenarios, it will hit identity provider like this as a GET (without a "request" payload):
https://idprovider.com/.well-known/openpeer-services-get

(302 redirect reply to cloud service, like hcs.io)

Whereupon a POST is issued with the full "request" payload with the domain information as "idprovider.com":
https://hcs.io/services-get
^^^ NOTE: This URL is NOT under .well-known for hcs.io since it's NOT describing the 'well-known' information for HCS's service.

This is necessary because it will be hard for developers to install PHP (or other stuff) under corporate "well-known" where scripting isn't always available.

For .well-known/openpeer-services-get under hcs.io you'd only have services described that are relevant to open peer services directly related to hcs.io exclusively (if any of those exist) and only include the entries that are relevant for hcs.io and not to any hosted service domains. If there is nothing to advertise it should return a 404.
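The GET, 302, POST sequence described in this issue, simulated in memory as an added example (not code from this repository or from HCS). The `HOSTED_BY` mapping, the function names, the HTTPS check and the `bootstrapper` handler name are assumptions; the paths, domains and envelope fields are the ones shown on this page.

```javascript
const WELL_KNOWN = "/.well-known/openpeer-services-get";
// Constructed mapping (assumption): hosted provider domain -> cloud endpoint.
const HOSTED_BY = new Map([["idprovider.com", "https://hcs.io/services-get"]]);

// Provider side: only a static redirect has to be served under .well-known,
// so no scripting is needed on the corporate host.
function providerHandle(domain, method, path) {
  if (path !== WELL_KNOWN) return { status: 404 };
  if (method !== "GET") return { status: 405, headers: { Allow: "GET" } };
  const target = HOSTED_BY.get(domain);
  if (!target) return { status: 404 }; // nothing to advertise
  return { status: 302, headers: { Location: target } };
}

// Cloud side: POST only. It answers for the domain named in the payload,
// and only if that domain is really hosted at the URL that was hit.
function cloudHandle(method, url, body) {
  if (method !== "POST") return { status: 405, headers: { Allow: "POST" } };
  const req = body && body.request;
  if (!req || req.$method !== "services-get") return { status: 400 };
  if (HOSTED_BY.get(req.$domain) !== url) return { status: 404 };
  return { status: 200, body: { result: {
    $domain: req.$domain, $id: req.$id,
    $handler: req.$handler, $method: req.$method } } };
}

// Client side: GET without a payload, then POST the full request to Location.
function discoverServices(domain, id) {
  const first = providerHandle(domain, "GET", WELL_KNOWN);
  if (first.status !== 302) return { ok: false, status: first.status };
  const target = new URL(first.headers.Location);
  // Added check: never send the payload to a non-HTTPS redirect target.
  if (target.protocol !== "https:") return { ok: false, status: 0 };
  const body = { request: {
    $domain: domain, // the ORIGINAL domain, not the redirect host
    $id: id,
    $handler: "bootstrapper", // assumption: handler name is not on this page
    $method: "services-get" } };
  const second = cloudHandle("POST", target.href, body);
  return { ok: second.status === 200, status: second.status,
           postedTo: target.href, result: second.body };
}
```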

Install Instructions

Everything I need to do from cloning this repo to setting up the different auth strategies to testing it.

Autocorrect username on iOS?

I don't think usernames should do the auto-typing correction

It's more frustrating than helpful. Possible to disable that from the signup / login form?

Add hosted-identity-update Request

This request should be called from server side of identity provider to identity service.

It is needed for the identity service to be able to know the profile data of a user (avatars, profile, vprofile, feed, displayName).

The request should be called upon sign-up (for federated identities) and upon OAuth authentication if a new identity is being created. Also, should happen when a user changes its profile (which will not be supported for the '1st phase').

Facebook login with less permissions and then re-auth does not work.

From https://github.com/openpeer/opios/issues/28:

I tracked down the problem. It was just with one Facebook account. When I first tried to sign in with it I pressed the button that said hookflash could not post on my wall. Afterwards I tried removing the app from...

https://www.facebook.com/appcenter/my

...and repeating the process. I guess there is account info on the provisioning server that is preventing a clean start.

When I registered another Facebook account and used that it worked fine.
