tripleblindai/safe-places#47

With backend switched off, all data points are saved into a local file.

With backend switched on, I get a message indicating a single data point has been saved. When I "load" in the publisher I see a single data point, and no map data.

This is multiple issues, but I am only raising one as I'm not sure if the code is complete at the backend.

tripleblindai/safe-places#63

1. Run the API: https://api.express.safeplaces.extremesolution.com/users

Expected Results:
returns null or list of users

Actual Results:
Returns:

504 Gateway Time-out

Steps to repro:

1. Run the https://api.express.safeplaces.extremesolution.com by postman

Expected results:
Returns null or data

Actual Results:
Returns time out 504:

504 Gateway Time-out

We need to add notices to safe-places frontend and backend repository, indicating:

1. The project is still under development
2. The release date (time frame) for the first deployable version of the project.
3. That there can be breaking changes within the code base.

cc @mundanelunacy @kylemtowle @sherifkozman

• Delete, Delete All, and Zoom button, and the date range label on the filter - do not have sufficient colour contrast to meet WCAG guidelines. See https://dequeuniversity.com/rules/axe/3.5/color-contrast?application=AxeChrome
• The element does not have a lang attribute. This is an issue for screen-readers.

Expected behavior

The site should load properly.

Current behavior

An error is thrown, interrupting the app's execution.

Steps to reproduce

Checkout 8b7e125, the latest commit in dev_react, and run yarn start.

Possible explanation

The previous commit, b90b411, runs properly. @Utzel-Butzel, can you reproduce this error?

Environment

tripleblindai/safe-places#53

Has_Backend

Change API spec and publisher form to include the new following fields: Notification URL to safe_paths.json
Save Notification URL via API Spec
On Load of Redacted trails, retrieve Notification URL

No_Backend

Change publisher form to include the new following field: Notification URL to safe_paths.json
Add "Load safe_paths.json" option in the Publisher tool to specify the location of an existing safe_paths.json.
Still support "loading redacted" to add to the lat/long/time data points prior to publishing a new safe_paths.json

Update API Spec to reflect new attribute: Notification UR
Update backend to store/retrieve new attribute: Notification UR

• The aria-label is missing on the time slider (.rc-slider-handle-1 and .rc-slider-handle-2)
• Form element [#react-select-2-input] does not have an aria-label
• Actions drop-down; "Select..." default text; all the blue buttons - do not have sufficient colour contrast to meet WCAG guidelines. See https://dequeuniversity.com/rules/axe/3.5/color-contrast?application=AxeChrome

Add a 3rd web app to the Safe Places mix that allows a contact tracer to conduct a patient interview with no location history.

Allow GPS Long/Lat/Time to be entered manually using a Google Maps interface and then:

If (has_backend)
Publish via API spec to backend similar to the outcome of the Redaction tool
else
Publish to a json file similar to the outcome of the Redaction tool.

Slack interaction with Steve P on this to give context and some ideas of where to start:

Kyle Towle
Enable infected carriers to provide manually entered location data to a Health Authority (edited)
This one is big because it allows HAP's to start using the tool immediately, even before massive mobile app adoption

Steve Penrod 4 hours ago
I was picturing this as a an independent web app, the Builder.
Geocode a place/address, then get a start time and duration. Drop 5 minute coordinates to match

Kyle Towle 3 hours ago
Yeah, I think you are correct. It would be a separate app, but in the same "SPL suite", right?

Kyle Towle 3 hours ago
I just think prior to massive adoption, this would be a good thing to get started with and several HA's have asked about it

Steve Penrod 3 hours ago
Yup!
I think it could be built in just a few hours, I bet. Just use the Google geocoding API and hack up the reaction tool a little. At least that's my Dr Hackenstein approach.

Add address search option as optional

tripleblindai/safe-places#59

Get the above error when trying to "Add entry" to the map

Steps to reproduce:

• Open app
• Open Inspect -> Application tab
• Right-Click Storage -> Local storage
• Select "Clear"
• Click "Add Entry" button in UI
• Enter GPS Coordinates
• Click "Add to Tracks" button

tripleblindai/safe-places#65

Filter points on selected time durations

Presently only one bubble appears on the map when multiple entries are selected

Steps to repro:

Run the https://api.express.safeplaces.extremesolution.com/validate by postman
Expected results:
Returns null or data

Actual Results:
Returns time out 504:

Steps to reproduce

1. Open App
2. Click "Import" button
3. Load Sample_PrivateKit.json

4. Adjust date slider

Can we remove the verbose logging of points skipped when loading the UI? It seems unnecessary outside a debug scenario.

Add additional base map with satellite.

tripleblindai/safe-places#56

Add zoom in and zoom out controls on map

tripleblindai/safe-places#55

I'm not sure about marking this as a bug yet.

As I tried to connect the frontend to my backend, I encountered a problem.
I set the has_backend var to true and tried the '/login' endpoint.

My backend is receiving this body:

{ "{ username: 'hi', password: 'hi' }'": "" }

(Which is not the payload found in the spec)

I looked around the client code and it seems like the Request’s Content-Type Header is set to "application/x-www-form-urlencoded" instead of "application/json"

Setting it to "application/json" sends the payload as expected:

{ "username": "hi", "password": "hi" }

Is this intentional? If so, I could have the server code work around this, but I believe that most front-end http libraries are expecting the latter for sending payloads.

This is hardcoded to be "application/x-www-form-urlencoded" in both of the index.html files, inside of the doXHR function.

Curious about viability of changing this now to use the Content-Type: application/json header.

function doXHR(method, url, param, auth, creds) {
  ...
    // Make the request
    if (method === "POST" && isDefined(param)) {
      var data = param;
      if (isDefined(creds)) {
        req.setRequestHeader("Authorization", creds);
      }
      req.setRequestHeader(
        "Content-type",
        "application/x-www-form-urlencoded"
      );
      req.send(data);
    } else {
      req.setRequestHeader("Authorization", "Basic " + auth);
      req.send();
    }
  });
}

tripleblindai/safe-places#61

When using publisher, I see the following warning in the console:

A cookie associated with a cross-site resource at https://google.com/ was set without the SameSiteattribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=NoneandSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

I successfully redacted data, saved it, loaded in the publishing tool. When I try and publish, I get an invalid date issue.

It looks like a strange datetime_created value is being sent to the back end:

{"datetime_created":"Fri, 27 Mar 2020 04:32:12 GMT","organization_id":"a88309c2-26cd-4d2b-8923-af0779e423a3","safe_path":{"authority_name":"Fake Organization","concern_points":[{"latitude":12.34,"longitude":12.34,"time":123},{"latitude":12.34,"longitude":12.34,"time":456}],"info_website":"https://www.something.gov/path/to/info/website","publish_date_utc":1584924583},"user_id":"a88309c1-26cd-4d2b-8923-af0779e423a3"}

It looks a lot like hardcoded date above!

The examples under the input field labels e.g. "Ex: US Department of Health" do not have sufficient color contract for those with vision issues.

Open IE11
Browse to: https://safeplaces.extremesolution.com/location-scrubber/index.html
Expected Result:
Loads the SafePath WEB app

Actual Results:
Displays a blank page.

Please check the attached screenshot where the timezone label is behind the slider. This is at 100% zoom

It is bad security practice to host data intended for public consumption on the same server as non-public data.

Design requirements:

• Tokens should persist in redux store
• Need to implement logout button
• Design flexibly to allow HA to switch out Auth schemes including:
  • Bearer Auth (Priority)
  • OAUTH2
  • LDAP

@kylemtowle @penrods

Here is my understanding of the use cases for has_backend false and true cases

has_backend = false

1. Contact Tracer (CT) receives file from the patient
2. CT opens Location Scrubber tool
3. CT clicks "Load" and selects file from dialogue
4. CT redacts data
5. CT clicks "Save" and enters filename in dialogue
6. CT sends file to Health Authority Admin (HAA)
7. HAA opens Publisher tool
8. HAA clicks "Load" and selects file from dialogue
9. HAA reviews data
10. HAA clicks "Publish" and enters filename in dialogue

has_backend = true AS-IS

1. Contact Tracer (CT) receives file from the patient
2. CT opens Location Scrubber tool
3. CT clicks "Load" and selects file from dialogue
4. CT redacts data
5. CT clicks "Save" and data is transmitted to BE
6. HAA opens Publisher tool
7. HAA clicks "Load" which loads redacted data
8. HAA reviews data
9. HAA clicks "Publish"

Question: What happens at step 6 if there are a dozen contract tracers who all saved data in the BE at the same time? Does s/he open all redacted data? Latest data?

My understanding is that the HAA is an authority figure who reviews the CTs work by approving/disapproving of the publishing of data. Current UI seems to support this use-case in has_backend = false mode since a single CT passes the HAA a single file. Unclear how the UI is supposed to support this in has_backend = true mode.

Here is how I propose we modify the UI for dev_mvp. Please let me know if this sound right to you

has_backend = true TO-BE

1. Contact Tracer (CT) receives file from the patient
2. CT opens Location Scrubber tool
3. CT clicks "Load" and selects file from dialogue
4. CT redacts data
5. CT clicks "Save" and data is transmitted to BE
6. Location scrubber tool spits out an ID number onto the screen
7. CT shares this ID number to HAA
8. HAA opens Publisher tool
9. HAA enters ID number clicks "Load" which loads redacted data associated with ID
10. HAA reviews data
11. HAA clicks "Publish"

Steps to reproduce:

1. Set backend to true
2. Load data and save in redaction tool
3. Load data and save in publishing tool

Expected results:
Data POST /safe_paths contains an array of concern_points

Actual result:
concern_points is not passed

Possible solution:

in saveText(), move the code that creates the concern_points from the code handling no backend to just before the check for the backend. This way both publishing to a backend or file contains the concern_points.

Found in 369a47

tripleblindai/safe-places#58

tripleblindai/safe-places#62

• Successful with /examples/robert-safe-paths.json
• Failed with the /Sample_PrivateKit.json in root dir

@huskywhale Could you please look into this ?

tripleblindai/safe-places#51

Surely this should be a user identifier?

When I upload a file for redaction it fails, and there is an error in the console.

I was gardening on a 3m by 3m balcony for an hour and quite a few of the data points are showing as travel, with speeds between 0.1 and 0.3 mph. Can we set a floor for the speed that the algorithm considers as travel?

Note this is on the MASTER branch.