aerozol: it doesn’t send me back to listenbrainz after signup which is, as far as I can tell, our 1# problem that we need to solve
mayhem
this page has a create account link. it took me to the create user (not supporter) account. should it go the account disambiguation page instead?
reosarevok
reo: sidebar or at least /login should have "Create account" by "Sign in" IMO, but maybe I'm being weird :)
lucifer
remember that the email needs to be verified too.
currently LB doesn't perform that check but in production it will.
aerozol
Yeah, whether verified or not “what is this MetaBrainz site I’m not on” and how do I go back to LB
reosarevok
reo: "Create your account / access all MetaBrainz projects" -> I'd either do "Access all MetaBrainz projects" or, even better I'd say, "Create your account / to access all MetaBrainz projects"
aerozol
e.g. it has sent me to MetaBrainz after registering
mayhem
FWIW, I was properly redirect to LB after sign-in.
aerozol
Might be sign-in vs account creation
mayhem
seems like it.
lucifer
mayhem: you are redirected if you already have an account and then sign in with mb/meb. but if you create a new account you aren't
yes, creating account, when I originally came from LB, did not redirect me back to LB. confirmed.
lucifer
right, we need to ensure that this email verification also happens before user is redirected to LB.
mayhem
ok, even the login process does not redirect me to LB. that is confirmed too.
aerozol
lucifer: I have a few other notes but they are visual. Are you keen to chat with me and work through a figma at some point? Either as a summit session or after. We can try pull together this feedback. Maybe I can meet with monkey about it beforehand as well (or all three of us)
lucifer
aerozol: sure sounds good. i would prefer to do it asap so a summit session or otherwise this week sounds great
aerozol
I think all the elements are good tbh, it’s more the flow from A - Z where I want to get into the users head and make sure they don’t drop off
monkey
👍 Happy to work on the css/html myself
aerozol
Are you free Thursday/Friday lucifer? I’ll add it to the summit agenda anyway. I’m obviously trapped here so I’ll be around :D
lucifer
yes i'll be around
mayhem, reosarevok: should we discuss the migration of data from MB.org to MeB.org then?
reosarevok
reo: entering a silly 1234 testing password gave me no feedback at all
but then on submit I get "Password: Field must be between 8 and 64 characters long."
You know I had 4 chars, please tell me *before* I submit
lucifer
makes sense
mayhem
yes, lets.
reosarevok
secondary in the same situation, it also blanked my username and email fields - please do save the content for those even if there's some issue with the pass
was there some API that we needed to provide as well?
something about checking the existance of accounts or something like that?
bitmap
zas: gracias
zas
I think I'll change version tags to something including the distribution name (jammy), the current code expects tags as v#.#.# format or the like. We could tag <version of baseimage>-v<our subversion>, something like jammy-1.1.0-v0.2
lucifer
mayhem: yes, its there. also needs to be discussed if we want to expose it to end users.
mayhem, reosarevok: for migration, i see 4 things. 1) User signup/login forms 2) OAuth app creation/edit forms 3) Existing user data 4) Existing Oauth app data.
mayhem
remind me the exact purpose of the endpoint?
lucifer: hang on, the others are still very much stuck on workflow.
lets hold off on the migration bits until they come to a resolution on those issues, ok?
reosarevok
reo: I created my account, stayed on the MeB page (fine), but it didn't even log me in *there*
lucifer
mayhem: when a user has an oauth token with MB tag/profile/rating scopes, and makes a request to MB. it needs to check the token has the required scopes.
mayhem: sure
mayhem
what are the use cases for the public to use this endpoint?
lucifer
to check if the token that the user has given a third party app is valid or not, its helpful for providing feedback to the user.
*given to
otherwise the app cannot determine if the token is valid until first use.
reosarevok
(I still had sign in / create links)
mayhem
ok. are the possible abuse vectors for the endpoint?
aerozol
lucifer: sorry, scribbling notes furiously over here! but I will have to sort them before getting back to you
reosarevok
It did tell me "you need to verify", but it does work if I just sign in, so
lucifer
mayhem: you can use the endpoint to bruteforce access tokens
mayhem
lucifer: the conversations here are really good that will give good feedback, but its not coming right this sec. :)
lucifer
but i think that shouldn't be an issue if the appropriate rate limits are enforced.
mayhem
with rate limiting, brute forcing the tokens seem that it would.... take some time?
what changed? I didn't change anything on my config.
aerozol
fyi lucifer an interesting discussion was is that it should log people in immediately, redirect back to LB/the source project, and then display a ‘your email is not verified’ banner/object on LB (but they are technically ‘logged in’)
monkey
Worked for me this time (although the auth dance without redirection is a pain/confusing)
mayhem
aerozol needs to prep for the live streams. but reo money and I will continue
lucifer
mayhem: i updated your redirect uri so that monkey could test it using the 10.10.10 ui
*urk
aerozol: that sounds like fair enough to me.
although, you would still need to login again after email verification i think.
bitmap
zas: what will the final tag be, jammy-1.1.0-v0.0 ?
thanks lucifer the redirect fix worked. Now next issue :) I get the auth permission request screen, click "accept request", and get redirected to mayhem's LB website, but I'm not logged in.
When I try to log in again on the LB website I get the same dance -> request perms -> grant -> redirected to LB not logged in
lucifer
monkey: i see. do mayhem's LB docker-compose logs show anything ?
mayhem
zero errors in log
reosarevok
lucifer: heh, "Another user with email 'reosarevok@metabrainz' exists."
mayhem is deleting the old one
mayhem
no luck. test.meb.org /admin throws a 500 error, lucifer
lucifer
reosarevok: deleted from db
reosarevok
lucifer: please also check confirm pass matches pass before I submit the form if at all possible :)
