Author Topic: [ANN] Bitshares SMF login plugin  (Read 16310 times)

0 Members and 1 Guest are viewing this topic.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
onepassword is a password manager and I suppose the '1 password' refers to the master password. 

Read bytemaster's blog entry on reasons you might wish to use a blockchain based authentication.
I speak for myself and only myself.

Offline jsidhu

  • Hero Member
  • *****
  • Posts: 1335
    • View Profile
Why need a plugin ? Can you create an app like 1Password ?

https://agilebits.com/onepassword

One app and login all sites without plugin.
Why not login thru facebook then? Is onepassword decentralized?
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline BitAsset

  • Newbie
  • *
  • Posts: 19
    • View Profile
Why need a plugin ? Can you create an app like 1Password ?

https://agilebits.com/onepassword

One app and login all sites without plugin.

Offline bytemaster

It's a bug.  Nathan is on it.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline 70231f697a2b3c2b

  • Full Member
  • ***
  • Posts: 61
    • View Profile
  • Went to http://bitsharesnation.org/.
  • Clicked on "Login with BitShares":
    • BitShares app open and unlocked:  clicking the login button switched focus to the BitShares app, but nothing else happened.
    • BitShares app open and locked:  clicking the login button switched focus to the BitShares app, but nothing else happened.
    • BitShares app not open:  clicking the login button caused the BitShares app to launch.  I entered my password to unlock my wallet, but nothing else happened.

Browser:  Firefox 34.0
OS:  Mac OS 10.10.1
BTS:  0.4.27.2
« Last Edit: December 24, 2014, 09:02:17 pm by todofixthis »

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
I think having a email specified should be optional.

I agree but the problem is that the register function inside SMF insists on there being an email via not empty() (ie evaluates to false) AND it fits the regex.  So optional means I have to create a never valid email address for the field.

That then leads to 2 problems.  1 it is ugly and confusing and 2 if the user wishes to change it, SMF forces someone to know their password. (which they won't with bitshares login)

My other option which I hadn't considered earlier is making a magic value to register with then manually updating the account to blank out the password.
I speak for myself and only myself.

Offline bytemaster

I think having a email specified should be optional.   
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
So the wallet/client on the server generates the first URL which is then redirected to a local wallet via the protocol handler.  Is this part of the handshake reusable?  Or will the wallet_handshake_finish (or whatever it is called) not allow reuse ?  Since there are no transactions involved I assume they can be reused.

The reason I ask is because caching of the pages could mess up authentication.  If the first portion of the handshake can be reused this can't be an issue.

Otherwise it seems to work.  I know of 2 minor issues on the admin panel .. I need to investigate one and not sure the other is worth fixing.. neither effect the user experience.  I also need to find out how to properly escape the input functions into SMF and it'll be done AFAIK.

There are some ugly things.  Like the user registration function provided by SMF forces a reasonable email address.  It can not be blank.  Either I patch SMF code (??) or I unset the email address later after registration is called.. OR I have some dummy value left in there.  That is a bit strange when you go see some ridiculous email address in the profile.  Maybe it is best to just turn off asking for email address, but I think a lot of the forum's functionality is useful like having email notifications when you receive PMs etc. ... thoughts?
« Last Edit: December 24, 2014, 09:17:53 am by gamey »
I speak for myself and only myself.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
@BM, if i login from bts, can i connect to the account that i had register in the forum.
or just a fresh account?

This is on my list of things to test tonight.  The code is there but it hasn't been tested.  The code is from the original plugin and not written by me so I won't make any comments on it until I test it and examine it.  I see little reason to not fix it if broken.  This goes quite a bit beyond a simple login plugin though but I'll gladly do it as I see the need.
I speak for myself and only myself.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile

So I had to delete all the accounts that signed up with the original ANN posting because those accounts were basically broken and in a state that wouldn't be readily fixable.

What issues are left to be resolved?

I'm going through and testing things.  There isn't a list of issues outside of the things I fix as I come across them.  I just removed the Bitshares profile entry that was left from the previous plugin.  I need to test synching of existing accounts. I am reading through the SMF php code and found that certain inputs need to be escaped.  I need to investigate that.  I found a redirect to an invalid URL sitting in the code.  I also want to look over the logic for the cookies.  It is close to being done but it still needs testing in a methodical manner of some sort.  etc.. My goal is to get most of this done tonight and get everything crossed off.

The accounts you are asking about though is just from legacy code .. shrug.. it was like a testnet but I can't reset the whole thing.  Easier to delete the earlier accounts.
I speak for myself and only myself.

Offline cgafeng

@BM, if i login from bts, can i connect to the account that i had register in the forum.
or just a fresh account?
BTC:1EYwcZ9cYVj6C9LMLafdcjK9wicVMDV376

Offline bytemaster


So I had to delete all the accounts that signed up with the original ANN posting because those accounts were basically broken and in a state that wouldn't be readily fixable.

What issues are left to be resolved?
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile

So I had to delete all the accounts that signed up with the original ANN posting because those accounts were basically broken and in a state that wouldn't be readily fixable.
I speak for myself and only myself.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
Perhaps the site name also needs a robohash?

Well I registered bitsharesnation so it will give you that name when you "ok" the login from inside your wallet.  Unfortunately I had problems importing the json I exported.  I became frustrated with it though and went back to the "testingtoday".

It would be nice to have a robohash of the site you are logging into inside the wallet's acknowledgement dialog box/window, but it is likely that making a dialog display a bitmap requires some level of hoop jumping for the devs.  Actually I suppose that is html so perhaps not so hard.
I speak for myself and only myself.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
I attempted to login to this today as I was preparing a blog article on the topic.   After I was redirected to your site it failed to log me in.

I noticed a few bugs with URL handling on our side of the fence.  I would really like to get the kinks worked out so we can all switch to BitShares login and start getting some extra benefits out of our BitShares accounts.

I will look in this.  It was working well for me with only 1 known bug in the log display screen which shows an invalid URL for profiles.

2 possible problems or something has went down on the server.

1) If you patched the URL variable handling so they are passed through it will break the login as I rely on the code behaving as it does.

2) If you were trying to login in with an account you created when I first made this thread then the behavior isn't defined.  I released the site initially just for fun etc.  It was a prototype where I did the first bit of coding to get it to work.  Things have changed since then so I wouldn't expect the accounts made during that time to work, but they might. 


You can also claim accounts and synch them up but I have to test the functionality.  It appears that if you create an account without bitshares then try to login with an account, it will attempt to synch your accounts if you provide a password.  I plan on working on this today (tonight), running testcases etc and verifying some cookie behavior.  I also need to allow a person to enter an empty blank email.

I speak for myself and only myself.