Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BUG: New Person inserted each time I authenticate with Google #29

Closed
5 tasks done
nelsonic opened this issue Dec 2, 2019 · 9 comments
Closed
5 tasks done

BUG: New Person inserted each time I authenticate with Google #29

nelsonic opened this issue Dec 2, 2019 · 9 comments
Assignees
Labels
awaiting-review An issue or pull request that needs to be reviewed bug Suspected or confirmed bug (defect) in the code chore a tedious but necessary task often paying technical debt T1h Time Estimate 1 Hour

Comments

@nelsonic
Copy link
Member

nelsonic commented Dec 2, 2019

Minor issue: the App.Ctx.get_person_by_email invoked in google_auth_controller.ex
does not do what we expect it to ...
https://github.com/dwyl/app-mvp-phoenix/blob/5a9a0fddb2d908de48b2b4de9853dbcaef63a0e5/lib/app_web/controllers/google_auth_controller.ex#L15

This is never going to work in a world where the email field is encrypted ...
(i.e. each time the email address [email protected] is encrypted/inserted the ciphertext is different ...)
https://github.com/dwyl/app-mvp-phoenix/blob/5a9a0fddb2d908de48b2b4de9853dbcaef63a0e5/lib/app/ctx.ex#L238

The result is that a new person record is inserted each time the person uses Google Auth:
image

🙄

Todo

  • Ensure that the people schema has field :email_hash, Fields.EmailHash defined
    • Confirm that all tests still pass after updating the field definition.
  • modify the App.Ctx.get_person_by_email/1 function to:
    • Use Fields.EmailHash.dump(email) to hash the email address before attempting to look it up.
    • Lookup an email by the email_hash not the email (Fields.EmailEncrypted)
def get_person_by_email(email) do
  email_hash = Fields.EmailHash.dump(email)
  Repo.get_by(Person, email_hash: email_hash)
end 
@nelsonic nelsonic added bug Suspected or confirmed bug (defect) in the code chore a tedious but necessary task often paying technical debt labels Dec 2, 2019
@SimonLab SimonLab self-assigned this Dec 3, 2019
@SimonLab SimonLab added T1h Time Estimate 1 Hour in-progress An issue or pull request that is being worked on by the assigned person labels Dec 3, 2019
@SimonLab
Copy link
Member

SimonLab commented Dec 3, 2019

Confirm that all tests still pass after updating the field definition.

No they don't!
image

Updating the tests now. Linked also to #25
The cast function from EmailHash is working properly and returned an error as the format of the test email is not valid:

errors: [email_hash: {"is invalid", [type: Fields.EmailHash, validation: :cast]}]

In fact the error is due to the wrong validation applied from EmailHash field, see dwyl/fields#62

So the errors are linked to endpoints created automatically (ex: creating new person). The form created was trying to display the email hashed however Phoenix wasn't able to display the hash correctly.
I've manage to reduce the number of failing tests (just 5 left to fix). However I feel that we can start to try cleaning the endpoints especially if we are going to use Elm soon

@SimonLab
Copy link
Member

SimonLab commented Dec 3, 2019

The function get_by_email still returns nil when search on email_hash:

SELECT p0."id", p0."email", p0."email_hash", p0."familyName", p0."givenName", p0."locale", p0."password_hash", p0."picture", p0."username", p0."username_hash", p0."status", p0."tag", p0."key_id", p0."inserted_at", p0."updated_at" FROM "people" AS p0 WHERE (p0."email_hash" = $1) [<<35, 170, 210, 164, 226, 27, 120, 16, 40, 188, 159, 44, 154, 226, 106, 172, 17, 237, 33, 235, 188, 25, 243, 86, 120, 63, 191, 122, 61, 154, 118, 198>>]

I think the value are different between the hash converted and the actual value inseted in the database

@SimonLab
Copy link
Member

SimonLab commented Dec 3, 2019

I've updated the way we save the email_hash to be able to retrieve the person by email.
Another error is displayed when the Person already exists in the database:

function App.Ctx.Person.fetch/2 is undefined (App.Ctx.Person does not implement the Access behaviour)

I think this is due to some person data not defined and required on the index template

@nelsonic
Copy link
Member Author

nelsonic commented Dec 3, 2019

Hmm... can you share your screen? I'm on Zoom.

@SimonLab
Copy link
Member

SimonLab commented Dec 4, 2019

The email attribute wasn't pattern matched on the correct parameters. It was done on the person instead of attrs

 def google_changeset(profile, %{"email" => email} = attrs) do
    profile
    |> cast(attrs, [:email, :givenName, :familyName, :picture, :locale])
    |> validate_required([:email])
    |> put_change(:email_hash, email )
  end

This works however I'm wondering if there is a nicer/other way to extract the email directly from the changeset after |> validate_required([:email]). I can create a private function which add the hashed email similar to the one used to define the hashed password:

defp put_pass_hash(changeset) do
case changeset do
%Ecto.Changeset{valid?: true, changes: %{password: pass}} ->
put_change(changeset, :password_hash, Comeonin.Pbkdf2.hashpwsalt(pass))
_ ->
changeset
end
end

SimonLab added a commit that referenced this issue Dec 4, 2019
@SimonLab
Copy link
Member

SimonLab commented Dec 4, 2019

When a person already exists in the database we are only creating a new session then rendering the

next error to resolve:
image

@SimonLab
Copy link
Member

SimonLab commented Dec 4, 2019

Schemas don't have the Access Behaviour, so we can't access data with [ ], ie people["email"] returns an error. Using . is fine, people.email will work.

SimonLab added a commit that referenced this issue Dec 4, 2019
@SimonLab SimonLab added awaiting-review An issue or pull request that needs to be reviewed and removed in-progress An issue or pull request that is being worked on by the assigned person labels Dec 4, 2019
@nelsonic
Copy link
Member Author

nelsonic commented Dec 4, 2019

@SimonLab good catch. thanks for fixing this. 👍

@nelsonic
Copy link
Member Author

nelsonic commented Oct 2, 2020

Using auth_plug + auth this is no longer an issue. #65

@nelsonic nelsonic closed this as completed Oct 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
awaiting-review An issue or pull request that needs to be reviewed bug Suspected or confirmed bug (defect) in the code chore a tedious but necessary task often paying technical debt T1h Time Estimate 1 Hour
Projects
None yet
Development

No branches or pull requests

2 participants