#metabrainz

/

      • aerozol
        reo says: sign in page needs bigger create account button

        • 2023-10-03 27647, 2023

      • aerozol
        btw lucifer can you be careful not to turn any of this around without talking to me or monkey first. Because it’s unfiltered notes :)

        • 2023-10-03 27601, 2023

      • aerozol
        reo: images on sign in page look like buttons

        • 2023-10-03 27619, 2023

      • lucifer
        aerozol: sure

        • 2023-10-03 27638, 2023

      • mayhem
        https://usercontent.irccloud-cdn.com/file/SsDmi7K…

        • 2023-10-03 27640, 2023

      • aerozol
        aerozol: it doesn’t send me back to listenbrainz after signup which is, as far as I can tell, our 1# problem that we need to solve

        • 2023-10-03 27604, 2023

      • mayhem
        this page has a create account link. it took me to the create user (not supporter) account. should it go the account disambiguation page instead?

        • 2023-10-03 27605, 2023

      • reosarevok
        reo: sidebar or at least /login should have "Create account" by "Sign in" IMO, but maybe I'm being weird :)

        • 2023-10-03 27615, 2023

      • lucifer
        remember that the email needs to be verified too.

        • 2023-10-03 27653, 2023

      • lucifer
        currently LB doesn't perform that check but in production it will.

        • 2023-10-03 27658, 2023

      • aerozol
        Yeah, whether verified or not “what is this MetaBrainz site I’m not on” and how do I go back to LB

        • 2023-10-03 27601, 2023

      • reosarevok
        reo: "Create your account / access all MetaBrainz projects" -> I'd either do "Access all MetaBrainz projects" or, even better I'd say, "Create your account / to access all MetaBrainz projects"

        • 2023-10-03 27609, 2023

      • aerozol
        e.g. it has sent me to MetaBrainz after registering

        • 2023-10-03 27657, 2023

      • mayhem
        FWIW, I was properly redirect to LB after sign-in.

        • 2023-10-03 27621, 2023

      • aerozol
        Might be sign-in vs account creation

        • 2023-10-03 27626, 2023

      • mayhem
        seems like it.

        • 2023-10-03 27637, 2023

      • lucifer
        mayhem: you are redirected if you already have an account and then sign in with mb/meb. but if you create a new account you aren't

        • 2023-10-03 27640, 2023

      • mayhem
        the former is correct. let me check the latter

        • 2023-10-03 27605, 2023

      • mayhem
        https://usercontent.irccloud-cdn.com/file/S0LjMeS…

        • 2023-10-03 27619, 2023

      • mayhem
        yes, creating account, when I originally came from LB, did not redirect me back to LB. confirmed.

        • 2023-10-03 27635, 2023

      • lucifer
        right, we need to ensure that this email verification also happens before user is redirected to LB.

        • 2023-10-03 27659, 2023

      • mayhem
        ok, even the login process does not redirect me to LB. that is confirmed too.

        • 2023-10-03 27623, 2023

      • aerozol
        lucifer: I have a few other notes but they are visual. Are you keen to chat with me and work through a figma at some point? Either as a summit session or after. We can try pull together this feedback. Maybe I can meet with monkey about it beforehand as well (or all three of us)

        • 2023-10-03 27605, 2023

      • lucifer
        aerozol: sure sounds good. i would prefer to do it asap so a summit session or otherwise this week sounds great

        • 2023-10-03 27624, 2023

      • aerozol
        I think all the elements are good tbh, it’s more the flow from A - Z where I want to get into the users head and make sure they don’t drop off

        • 2023-10-03 27648, 2023

      • monkey
        👍 Happy to work on the css/html myself

        • 2023-10-03 27607, 2023

      • aerozol
        Are you free Thursday/Friday lucifer? I’ll add it to the summit agenda anyway. I’m obviously trapped here so I’ll be around :D

        • 2023-10-03 27620, 2023

      • lucifer
        yes i'll be around

        • 2023-10-03 27657, 2023

      • lucifer
        mayhem, reosarevok: should we discuss the migration of data from MB.org to MeB.org then?

        • 2023-10-03 27623, 2023

      • reosarevok
        reo: entering a silly 1234 testing password gave me no feedback at all

        • 2023-10-03 27632, 2023

      • reosarevok
        but then on submit I get "Password: Field must be between 8 and 64 characters long."

        • 2023-10-03 27644, 2023

      • reosarevok
        You know I had 4 chars, please tell me *before* I submit

        • 2023-10-03 27603, 2023

      • lucifer
        makes sense

        • 2023-10-03 27608, 2023

      • mayhem
        yes, lets.

        • 2023-10-03 27609, 2023

      • reosarevok
        secondary in the same situation, it also blanked my username and email fields - please do save the content for those even if there's some issue with the pass

        • 2023-10-03 27626, 2023

      • lucifer
        that's a bug for sure.

        • 2023-10-03 27626, 2023

      • zas
        bitmap: https://hub.docker.com/repository/docker/metabrai…

        • 2023-10-03 27652, 2023

      • mayhem
        was there some API that we needed to provide as well?

        • 2023-10-03 27604, 2023

      • mayhem
        something about checking the existance of accounts or something like that?

        • 2023-10-03 27616, 2023

      • bitmap
        zas: gracias

        • 2023-10-03 27651, 2023

      • zas
        I think I'll change version tags to something including the distribution name (jammy), the current code expects tags as v#.#.# format or the like. We could tag <version of baseimage>-v<our subversion>, something like jammy-1.1.0-v0.2

        • 2023-10-03 27658, 2023

      • lucifer
        mayhem: yes, its there. also needs to be discussed if we want to expose it to end users.

        • 2023-10-03 27653, 2023

      • lucifer
        mayhem, reosarevok: for migration, i see 4 things. 1) User signup/login forms 2) OAuth app creation/edit forms 3) Existing user data 4) Existing Oauth app data.

        • 2023-10-03 27657, 2023

      • mayhem
        remind me the exact purpose of the endpoint?

        • 2023-10-03 27624, 2023

      • mayhem
        lucifer: hang on, the others are still very much stuck on workflow.

        • 2023-10-03 27645, 2023

      • mayhem
        lets hold off on the migration bits until they come to a resolution on those issues, ok?

        • 2023-10-03 27656, 2023

      • reosarevok
        reo: I created my account, stayed on the MeB page (fine), but it didn't even log me in *there*

        • 2023-10-03 27602, 2023

      • lucifer
        mayhem: when a user has an oauth token with MB tag/profile/rating scopes, and makes a request to MB. it needs to check the token has the required scopes.

        • 2023-10-03 27605, 2023

      • lucifer
        mayhem: sure

        • 2023-10-03 27632, 2023

      • mayhem
        what are the use cases for the public to use this endpoint?

        • 2023-10-03 27639, 2023

      • lucifer
        to check if the token that the user has given a third party app is valid or not, its helpful for providing feedback to the user.

        • 2023-10-03 27647, 2023

      • lucifer
        *given to

        • 2023-10-03 27615, 2023

      • lucifer
        otherwise the app cannot determine if the token is valid until first use.

        • 2023-10-03 27618, 2023

      • reosarevok
        (I still had sign in / create links)

        • 2023-10-03 27620, 2023

      • mayhem
        ok. are the possible abuse vectors for the endpoint?

        • 2023-10-03 27625, 2023

      • aerozol
        lucifer: sorry, scribbling notes furiously over here! but I will have to sort them before getting back to you

        • 2023-10-03 27638, 2023

      • reosarevok
        It did tell me "you need to verify", but it does work if I just sign in, so

        • 2023-10-03 27653, 2023

      • lucifer
        mayhem: you can use the endpoint to bruteforce access tokens

        • 2023-10-03 27604, 2023

      • mayhem
        lucifer: the conversations here are really good that will give good feedback, but its not coming right this sec. :)

        • 2023-10-03 27638, 2023

      • lucifer
        but i think that shouldn't be an issue if the appropriate rate limits are enforced.

        • 2023-10-03 27640, 2023

      • mayhem
        with rate limiting, brute forcing the tokens seem that it would.... take some time?

        • 2023-10-03 27657, 2023

      • lucifer
        yup indeed.

        • 2023-10-03 27658, 2023

      • reosarevok
        lucifer: MEB-152 too

        • 2023-10-03 27659, 2023

      • BrainzBot
        MEB-152: When creating a MeB account from LB, auto-create an LB account (etc) https://tickets.metabrainz.org/browse/MEB-152

        • 2023-10-03 27604, 2023

      • bitmap
        which endpoint are you talking about?

        • 2023-10-03 27612, 2023

      • aerozol
        Discussion is mainly user experience - e.g. if user goes to website A from website B and back again how can we make that make sense

        • 2023-10-03 27624, 2023

      • lucifer
        bitmap: an introspection endpoint for OAuth access tokens.

        • 2023-10-03 27624, 2023

      • mayhem
        > to check if the token that the user has given a third party app is valid or not, its helpful for providing feedback to the user.

        • 2023-10-03 27657, 2023

      • lucifer
        https://www.oauth.com/oauth2-servers/token-intros…

        • 2023-10-03 27657, 2023

      • bitmap
        so tokeninfo not userinfo

        • 2023-10-03 27603, 2023

      • monkey
        lucifer: error thrown in the test.MeB container. Reo tried to modify his email on the MeB website:

        • 2023-10-03 27605, 2023

      • lucifer
        right

        • 2023-10-03 27606, 2023

      • monkey
        https://www.irccloud.com/pastebin/9QaBAGRe/

        • 2023-10-03 27636, 2023

      • lucifer
        i see

        • 2023-10-03 27604, 2023

      • reosarevok
        lucifer: is there any non-supporter, edit profile page now?

        • 2023-10-03 27607, 2023

      • lucifer
        bitmap: tokeninfo would include user's basic info like username and email probably

        • 2023-10-03 27613, 2023

      • lucifer
        reosarevok: not yet

        • 2023-10-03 27642, 2023

      • reosarevok
        Ok :) Is there any way for me to change my example@example.com email to something I can verify or should I just create a second account for now?

        • 2023-10-03 27656, 2023

      • lucifer
        i can edit it in db directl

        • 2023-10-03 27614, 2023

      • reosarevok
        Maybe the best option for now, set my meb one?

        • 2023-10-03 27643, 2023

      • lucifer
        reosarevok@metabrainz.org ?

        • 2023-10-03 27647, 2023

      • reosarevok
        Yeah

        • 2023-10-03 27657, 2023

      • lucifer
        done

        • 2023-10-03 27647, 2023

      • monkey
        I tried logging in to mayhem's test LB with a new account (I can log in to MeB website), but I get a JSON error instead of a page:

        • 2023-10-03 27650, 2023

      • monkey
        https://www.irccloud.com/pastebin/BgvcG6jm/

        • 2023-10-03 27656, 2023

      • mayhem
        lucifer: do we keep track of user vs supporters in separate tables right now?

        • 2023-10-03 27601, 2023

      • mayhem
        or it is just a "flag"?

        • 2023-10-03 27604, 2023

      • monkey
        Maybe an http vs. https issue?

        • 2023-10-03 27609, 2023

      • lucifer
        mayhem: separate table

        • 2023-10-03 27615, 2023

      • mayhem
        ok

        • 2023-10-03 27623, 2023

      • lucifer
        monkey: the redirect uri on prod is different. let me update

        • 2023-10-03 27633, 2023

      • reosarevok
        lucifer: cool, how do I request a new verification email? :)

        • 2023-10-03 27638, 2023

      • monkey
        Using test.MeB I think

        • 2023-10-03 27649, 2023

      • lucifer
        reosarevok: good point, i am adding that page as we speak.

        • 2023-10-03 27656, 2023

      • monkey tries again

        • 2023-10-03 27600, 2023

      • lucifer
        a new account for now would be best

        • 2023-10-03 27622, 2023

      • reosarevok
        (in MB is literally "edit your account, reenter the email", but that's probably shit UX so maybe you have better ideas :p )

        • 2023-10-03 27646, 2023

      • lucifer
        mayhem: try again

        • 2023-10-03 27650, 2023

      • lucifer
        *monkey ^

        • 2023-10-03 27614, 2023

      • zas
        bitmap: https://github.com/metabrainz/base-image/actions/…

        • 2023-10-03 27618, 2023

      • mayhem
        yep, now when I login I get " "description": "Redirect URI http://localhost:8100/login/musicbrainz/post/ is not supported by client."" too

        • 2023-10-03 27629, 2023

      • mayhem
        what changed? I didn't change anything on my config.

        • 2023-10-03 27641, 2023

      • aerozol
        fyi lucifer an interesting discussion was is that it should log people in immediately, redirect back to LB/the source project, and then display a ‘your email is not verified’ banner/object on LB (but they are technically ‘logged in’)

        • 2023-10-03 27655, 2023

      • monkey
        Worked for me this time (although the auth dance without redirection is a pain/confusing)

        • 2023-10-03 27615, 2023

      • mayhem
        aerozol needs to prep for the live streams. but reo money and I will continue

        • 2023-10-03 27620, 2023

      • lucifer
        mayhem: i updated your redirect uri so that monkey could test it using the 10.10.10 ui

        • 2023-10-03 27625, 2023

      • lucifer
        *urk

        • 2023-10-03 27635, 2023

      • lucifer
        aerozol: that sounds like fair enough to me.

        • 2023-10-03 27659, 2023

      • lucifer
        although, you would still need to login again after email verification i think.

        • 2023-10-03 27609, 2023

      • bitmap
        zas: what will the final tag be, jammy-1.1.0-v0.0 ?

        • 2023-10-03 27653, 2023

      • bitmap
        nvm

        • 2023-10-03 27637, 2023

      • mayhem
        ok, shall we try talking more about migration?

        • 2023-10-03 27641, 2023

      • reosarevok
        lucifer: MEB-153

        • 2023-10-03 27641, 2023

      • BrainzBot
        MEB-153: On new MeB account documentation, show relevant info only https://tickets.metabrainz.org/browse/MEB-153

        • 2023-10-03 27614, 2023

      • monkey
        https://www.irccloud.com/pastebin/dK7I35NY/

        • 2023-10-03 27616, 2023

      • monkey
        https://usercontent.irccloud-cdn.com/file/tlbCfG5…

        • 2023-10-03 27626, 2023

      • monkey
        dammit

        • 2023-10-03 27629, 2023

      • monkey
        thanks lucifer the redirect fix worked. Now next issue :) I get the auth permission request screen, click "accept request", and get redirected to mayhem's LB website, but I'm not logged in.

        • 2023-10-03 27629, 2023

      • monkey
        When I try to log in again on the LB website I get the same dance -> request perms -> grant -> redirected to LB not logged in

        • 2023-10-03 27619, 2023

      • lucifer
        monkey: i see. do mayhem's LB docker-compose logs show anything ?

        • 2023-10-03 27602, 2023

      • mayhem
        zero errors in log

        • 2023-10-03 27650, 2023

      • reosarevok
        lucifer: heh, "Another user with email 'reosarevok@metabrainz' exists."

        • 2023-10-03 27658, 2023

      • reosarevok
        mayhem is deleting the old one

        • 2023-10-03 27634, 2023

      • mayhem
        no luck. test.meb.org /admin throws a 500 error, lucifer

        • 2023-10-03 27622, 2023

      • lucifer
        reosarevok: deleted from db

        • 2023-10-03 27639, 2023

      • reosarevok
        lucifer: please also check confirm pass matches pass before I submit the form if at all possible :)

        • 2023-10-03 27652, 2023

      • lucifer
        yup makes sense

        • 2023-10-03 27605, 2023

      • lucifer
        i guess it might best to react-ify the forms.

        • 2023-10-03 27640, 2023

      • BrainzGit
        [listenbrainz-server] 14amCap1712 opened pull request #2590 (03master…mb-host-configure): Make musicbrainz instance url configurable https://github.com/metabrainz/listenbrainz-server…

        • 2023-10-03 27639, 2023

      • BrainzGit
        [metabrainz.org] 14mayhem opened pull request #436 (03master…SEC-1158): Update urllib for SEC-1158 https://github.com/metabrainz/metabrainz.org/pull…

        • 2023-10-03 27615, 2023

      • monkey
        Sandwich menu: https://usercontent.irccloud-cdn.com/file/1AnfBIA…

        • 2023-10-03 27619, 2023

      • reosarevok
        lucifer: when it says "tag rating profile" as permissions I'm giving, is that three *different* permissions? It's confusing now

        • 2023-10-03 27628, 2023

      • monkey
        Everyone please choose one.

        • 2023-10-03 27636, 2023

      • aerozol
        everyone: FYI the livestream is up, I just have the camera on the whiteboard, audio is muted

        • 2023-10-03 27638, 2023

      • monkey
        reosarevok: please poke everyone :)

        • 2023-10-03 27653, 2023

      • lucifer
        reosarevok: the ui for the permissions stuff is pending.

        • 2023-10-03 27653, 2023

      • aerozol
        THE LIVESTREAM WILL GO WELL AND NOTHING WILL GO WRONG

        • 2023-10-03 27655, 2023

      • mayhem
        monkey: Mexicano!

        • 2023-10-03 27631, 2023

      • aerozol
        https://www.youtube.com/watch?v=nEGlylVPY44

        • 2023-10-03 27604, 2023

      • reosarevok
        ALL SHALL BE WELL, AND ALL SHALL BE WELL, AND ALL MANNER OF THINGS SHALL BE WELL

        • 2023-10-03 27625, 2023

      • zas
        monkey: Mexicano

        • 2023-10-03 27631, 2023

      • yvanzo
        monkey: Trufado

        • 2023-10-03 27635, 2023

      • aerozol
        the vegan one plz

        • 2023-10-03 27638, 2023

      • bitmap
        monkey: "green bea"

        • 2023-10-03 27657, 2023

      • reosarevok
        monkey: aserejé (ja-deje-dejebe-tudejebere-sebiounova?)

        • 2023-10-03 27618, 2023

      • reosarevok
        lucifer: I'm unable to log in in LB but I understand that is known?

        • 2023-10-03 27626, 2023

      • lucifer
        yes

        • 2023-10-03 27646, 2023

      • zas
        yvanzo: discourse upgraded, plugin installed

        • 2023-10-03 27647, 2023

      • lucifer
        i am not sure what the issue is currently but it should be working. it did for mayhem sometime ago

        • 2023-10-03 27659, 2023

      • reosarevok
        Ok