commonfare-net / macao-social-wallet Goto Github PK

View Code? Open in Web Editor NEW

113.0 113.0 36.0 2.94 MB

Simple Social Wallet made without javascript using the Freecoin toolkit

Home Page: https://freecoin.dyne.org

License: GNU Affero General Public License v3.0

Shell 2.07% Clojure 96.30% CSS 1.05% Ruby 0.57%

clojure crypto dyne social social-digital-currency wallet

macao-social-wallet's People

Contributors

Stargazers

Watchers

macao-social-wallet's Issues

Teardown db connection for journey tests

Automate deployment by pulling master for freecoin staging

Use jgit that has pull and clone only access

hotfixes authentication

email-config document
pass any character
Resend confirmation email

Be able to scan the QRcodes and create a transaction

the QR code near the photo in the wallet: users should be enabled to scan it with their phones' cameras in a way that opens a http://freecoin1staging.dyne.org:8000/send page where the 'RECIPIENT' is prefilled and users should just input the AMOUNT and TAGS

Secure validation of user input

Need to make sure that, whenever user supplies any input to the application, no harm can be done on the server (e.g. injection in the Mongo queries)

Rename to macao-social-wallet

At last and after the succesful refactoring made to modularise all libraries and share the same core toolkit for this wallet and the social-wallet-api implementation, we can now think of renaming this "freecoin toolkit application" with another name, to avoid confusion.

I propose "macao-social-wallet", the first implementation of a social wallet done with the freecoin toolkit.

Create tests for /send/to/:email

878d2c1

Run OCP software locally

Add separators to amounts

Transaction recipient should be an email and not a name to ensure uniqueness

Add log test to a separate suite to run on the build system but not locally

Glitches in the account registration journey

When registering a new account there are small glitches to be addressed:

when connecting on the home page there is no obvious link to landing-page
when password is wrong there is a reload with error but valid data is not kept in the form
when succesfully registered there is a broken route (we get error from nginx) (see figure 1 below)
error appears above all forms (addressed in #44)

When creating the mongo storage the transactions collection is missing

a3851ac#diff-aa48405498890086474eee655cb95fc2

Vagrant setup doesn't compile

Error message:

Exception in thread \"main\" java.io.FileNotFoundException: Could not locate ns_tracker/core__init.class or ns_tracker/core.clj on classpath. Please check that namespaces with dashes use underscores in the Clojure file name.

Using vanilla repository, except for two changes:

LEIN_SNAPSHOTS_IN_RELEASE is set for the jar create task in playbook (otherwise fails earlier to Lein being picky about unspecific versions)
Vagrantfile uses a more recent Vbox image of Devuan (the old version is unavailable)

Lein may be right in that allowing non-date frozen snapshots in release is a bad idea, but in any case, the vagrant setup does not build in its present form.

vm.box url incorrect in opts/Vagrantfile

Noticed the virtual box remote url in the Vagrantfile is out of date. Also to get vagrant vm up and running, requires an apt update before installing open-jdk and creating a email-conf.edn for the server to start correctly. I've made a few changes in my own fork, alright to send a PR?

master...KGibb8:master

When confirming the execution of the transaction the secret PIN is visible

Faircoin2 integration

Form errors appear on all 3 forms on the sign in view

Create a simple user email activation system

We would like to replace stonecutter with a simple user management and email activation system.

The main goals are:

Simple user creation form with email, name and password
Email activation link that expires
Password recovery
The password information will be encrypted

Missing something in my runtime

Hi,

I installed Freecoin and Stonecutter as per the documentation (I think). I modified the Stonecutter resources/client-credentials.yml to include the default Freecoin sso broker credentials like so.

- name: Freecoin
  client-id: LOCALFREECOIN
  client-secret: FREECOINSECRET
  url: "http://localhost:8000/sso-callback"

When I go to the landing page in my local instance of freecoin it correctly takes me to the SSO server but then upon returning I get the following message in the freecoin log.

Tue Mar 01 17:07:30 CET 2016 [worker-4] ERROR - GET /sso-callback
com.mongodb.MongoServerSelectionException: Unable to connect to any servers

I suspect that lein doesn't run an instance of Mongo, yet on the Running the app locally section of the readme I don't see anything about a Mongo instance. Do I need a self-standing mongodb server to be able to run Freecoin?

Headers too big with email-activation-sent redirect when running with the ring server

oejs.AbstractHttpConnection:header full: java.lang.RuntimeException: Header>6144

Since it works fine with the http-kit server assume that ring adds something extra to headers. Maybe https://github.com/ring-clojure/ring-headers is useful

Autocomplete the email of the recipient to send coins to

To be proceeded by #32

Stonecutter email not sent when creating a new user

[qtp9361871-307] WARN stonecutter.email - Cannot send confirmation email as the path to the email sending script has not been set. Please set the EMAIL_SCRIPT_PATH environment variable to the appropriate script.

Replace the use of account-id with the account-email

Calendar of events

Component (perhaps separate) which connects to the freecoin DB and shares some components, to quickly and easily manage recurrent tasks (add, remove, check) like monthly airdrops, statistics etc.

Can be using this as GUI https://fullcalendar.io
And this is a good start at the backend: https://github.com/innoq/simple-calendar
Perhaps useful collection of funcs: https://gist.github.com/kouphax/9526644

example of how to assign value to user accounts

hi team,

have got everything working but is not immediately clear how to invoke funds at genesis point for accounts. (essentially the system starts with 0 for all new users. How are funds instantiated?)

Is this through the admin console? https://github.com/Commonfare-net/social-wallet-admin-console

If so, could you give an example of the code for how this is done?

If not, could you quickly outline how to add funds to the system.

cc @kgibb8

Admin console

Separate gorilla console to organise and customise admin tasks on the running freecoin instance.

Add links to:

list participants
sign-out

Create a more generic solution for transaction authentication options

Allow through configuration apart from PIN
-- email confirmation
-- any arbitrary authentication function eg. to external (google auth)
-- Adjusts the tests accordingly to be generic

Add pagination to lists

Currently transactions (either user-specific or system-wide), participants and tags are listed without any pagination, which is not suitable for a production deployment.

Deploying on Docker

Hi,

I am attempting to deploy Freecoin in Docker. It is my first Clojure deployment so am unsure of some basic steps. Please find my Dockerfile:

FROM openjdk:8

ENV LEIN_VERSION=2.8.1
ENV LEIN_INSTALL=/usr/local/bin/

WORKDIR /tmp

# Download the whole repo as an archive
RUN mkdir -p $LEIN_INSTALL \
  && wget -q https://raw.githubusercontent.com/technomancy/leiningen/$LEIN_VERSION/bin/lein-pkg \
  && echo "Comparing lein-pkg checksum ..." \
  && echo "019faa5f91a463bf9742c3634ee32fb3db8c47f0 *lein-pkg" | sha1sum -c - \
  && mv lein-pkg $LEIN_INSTALL/lein \
  && chmod 0755 $LEIN_INSTALL/lein \
  && wget -q https://github.com/technomancy/leiningen/releases/download/$LEIN_VERSION/leiningen-$LEIN_VERSION-standalone.zip \
  && wget -q https://github.com/technomancy/leiningen/releases/download/$LEIN_VERSION/leiningen-$LEIN_VERSION-standalone.zip.asc \
  && gpg --keyserver pool.sks-keyservers.net --recv-key 2B72BF956E23DE5E830D50F6002AF007D1A7CC18 \
  && echo "Verifying Jar file signature ..." \
  && gpg --verify leiningen-$LEIN_VERSION-standalone.zip.asc \
  && rm leiningen-$LEIN_VERSION-standalone.zip.asc \
  && mkdir -p /usr/share/java \
  && mv leiningen-$LEIN_VERSION-standalone.zip /usr/share/java/leiningen-$LEIN_VERSION-standalone.jar

ENV PATH=$PATH:$LEIN_INSTALL
ENV LEIN_ROOT 1

# Install clojure 1.9.0 so users don't have to download it every time
RUN echo '(defproject dummy "" :dependencies [[org.clojure/clojure "1.9.0"]])' > project.clj \
  && lein deps && rm project.clj

RUN git clone https://github.com/Commonfare-net/macao-social-wallet /app
WORKDIR /app/src/freecoin
RUN lein run server

First issue is when running lein ring server I get command error it seems ring isn't an option I tried run instead but then I get No :main namespace specified in project.clj.

Would be grateful if you point me in the right direction.

The user should be uniquely identified by the email address and not the generate uid

Bad getaway error after sign up

Something goes wrong with the redirect

buddy-hashers in handlers/sign_in.clj ?

While most functions are moved inside just-auth, the password derivation (KDF) is still done inside this code by hashers/derive and hashers/check. Shouldn't it be moved also inside just-auth and made implicit? In no occasion passwords should be handled without a derivation anyway,

list all existing tags when doing a transaction

This way the user can choose from an existing tags instead of creating new all the time

Forgot password functionality

Some small problems spotted:

resend works with any email address, also already activated accounts
there is no way to reset the password for those who forgot it

mocking mail server to allow email authentication

this is issue is connected to #83

n00b question incoming.

When registering a new account it is required to authenticate the email as outlined in:

https://github.com/Commonfare-net/macao-social-wallet/blob/6ad569b516234729809d9910cde4daf8a045f153/test/freecoin/journey/sign_in.clj

due to unfamiliarity with clojure and tooling I'm not sure how to mock out the email. in configuration it is stated:

Add an email-conf.edn file and point to it through the conf in project.clj under profiles. It is needed for the system ti be able to send emails when needed (eg. when a user signs up). The file should be of the form: 
{:email-server "" :email-user "" :email-pass "" :email-address ""}

Could you give an example of how you set this up for local testing?

Appreciated.

FYI @kgibb8

UPDATE:

Check 3 comments below for how to get activation links from the mongo console

Subprocess failed on (first & subsequent) running of 'lein ring server'

Hey folks,

Having some issues with installation. This is quite likely the fact I am unfamiliar with clojure.

After running through the installation instructions here: https://github.com/Commonfare-net/macao-social-wallet

I first made sure that mongo was running:

[  3:38am ]  [ user@host:~/Lib/macao-social-wallet(master✔) ]
 $ ps aux | grep "mongo"
user      2537  0.0  0.0  12728  2060 pts/0    S+   03:39   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn mongo
mongodb  28670  0.3  0.2 387484 45776 ?        Sl   02:52   0:09 /usr/bin/mongod --config /etc/mongodb.conf

I am getting the following error stacktrace when firing up the server:

[  3:39am ]  [ user@host:~/Lib/macao-social-wallet(master✔) ]
 $ lein ring server     
(Warning: profile :dev-local not found.)
Possibly confusing dependencies found:
[ring/ring-core "1.6.2"] -> [clj-time "0.11.0"]
 overrides
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [clojure-humanize "0.2.2"] -> [clj-time "0.12.0"]
 and
[clojure-humanize "0.2.2"] -> [clj-time "0.12.0"]

Consider using these exclusions:
[org.clojars.dyne/freecoin-lib "0.8.0" :exclusions [clj-time]]
[clojure-humanize "0.2.2" :exclusions [clj-time]]

[circleci/clj-yaml "0.5.6"] -> [org.yaml/snakeyaml "1.13"]
 overrides
[org.clojars.dyne/just-auth "0.1.0"] -> [org.clojars.dyne/auxiliary "0.4.0"] -> [io.forward/yaml "1.0.6"] -> [org.yaml/snakeyaml "1.18"]
 and
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [org.clojars.dyne/auxiliary "0.4.0"] -> [io.forward/yaml "1.0.6"] -> [org.yaml/snakeyaml "1.18"]
 and
[org.clojars.dyne/auxiliary "0.4.0"] -> [io.forward/yaml "1.0.6"] -> [org.yaml/snakeyaml "1.18"]

Consider using these exclusions:
[org.clojars.dyne/just-auth "0.1.0" :exclusions [org.yaml/snakeyaml]]
[org.clojars.dyne/freecoin-lib "0.8.0" :exclusions [org.yaml/snakeyaml]]
[org.clojars.dyne/auxiliary "0.4.0" :exclusions [org.yaml/snakeyaml]]

[org.clojars.dyne/freecoin-lib "0.8.0"] -> [prismatic/schema "1.1.6"]
 overrides
[org.clojars.dyne/just-auth "0.1.0"] -> [prismatic/schema "1.1.7"]

Consider using these exclusions:
[org.clojars.dyne/just-auth "0.1.0" :exclusions [prismatic/schema]]

[midje "1.8.3"] -> [org.clojure/tools.namespace "0.2.10"]
 overrides
[ns-tracker "0.3.1"] -> [org.clojure/tools.namespace "0.2.11"]

Consider using these exclusions:
[ns-tracker "0.3.1" :exclusions [org.clojure/tools.namespace]]

[ring/ring-core "1.6.2"] -> [clj-time "0.11.0"] -> [joda-time "2.8.2"]
 overrides
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [clojure-humanize "0.2.2"] -> [clj-time "0.12.0"] -> [joda-time "2.9.3"]
 and
[clojure-humanize "0.2.2"] -> [clj-time "0.12.0"] -> [joda-time "2.9.3"]

Consider using these exclusions:
[org.clojars.dyne/freecoin-lib "0.8.0" :exclusions [joda-time]]
[clojure-humanize "0.2.2" :exclusions [joda-time]]

[scenic "0.2.5"] -> [bidi "1.11.0"] -> [org.clojure/clojurescript "0.0-2371"] -> [org.clojure/tools.reader "0.8.9"]
 overrides
[org.clojars.dyne/just-auth "0.1.0"] -> [org.clojars.dyne/auxiliary "0.4.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/just-auth "0.1.0"] -> [org.clojars.dyne/clj-storage "0.5.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [org.clojars.dyne/auxiliary "0.4.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [org.clojars.dyne/clj-storage "0.5.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/auxiliary "0.4.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/just-auth "0.1.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]
 and
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [com.taoensso/timbre "4.10.0"] -> [com.taoensso/encore "2.91.0"] -> [org.clojure/tools.reader "0.10.0"]

Consider using these exclusions:
[org.clojars.dyne/just-auth "0.1.0" :exclusions [org.clojure/tools.reader]]
[org.clojars.dyne/freecoin-lib "0.8.0" :exclusions [org.clojure/tools.reader]]
[org.clojars.dyne/auxiliary "0.4.0" :exclusions [org.clojure/tools.reader]]

[ring.middleware.logger "0.5.0" :exclusions [org.slf4j/slf4j-api]] -> [onelog "0.4.5"] -> [clj-logging-config "1.9.10"] -> [log4j "1.2.16"]
 overrides
[ring.middleware.logger "0.5.0" :exclusions [org.slf4j/slf4j-api]] -> [onelog "0.4.5"] -> [org.slf4j/slf4j-log4j12 "1.7.7"] -> [log4j "1.2.17"]

Consider using these exclusions:
[ring.middleware.logger "0.5.0" :exclusions [log4j org.slf4j/slf4j-api]]

[scenic "0.2.5"] -> [bidi "1.11.0"] -> [org.clojure/clojurescript "0.0-2371"] -> [com.google.javascript/closure-compiler "v20140625"] -> [com.google.guava/guava "17.0"]
 overrides
[org.clojars.dyne/just-auth "0.1.0"] -> [org.clojars.dyne/clj-storage "0.5.0"] -> [com.novemberain/monger "3.1.0"] -> [clojurewerkz/support "1.1.0"] -> [com.google.guava/guava "18.0"]
 and
[org.clojars.dyne/freecoin-lib "0.8.0"] -> [org.clojars.dyne/clj-storage "0.5.0"] -> [com.novemberain/monger "3.1.0"] -> [clojurewerkz/support "1.1.0"] -> [com.google.guava/guava "18.0"]

Consider using these exclusions:
[org.clojars.dyne/just-auth "0.1.0" :exclusions [com.google.guava/guava]]
[org.clojars.dyne/freecoin-lib "0.8.0" :exclusions [com.google.guava/guava]]

"lein-ring-init"
Jan 19, 2018 3:41:35 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
Exception in thread "main" java.io.FileNotFoundException: email-conf.edn (No such file or directory), compiling:(/tmp/form-init7994703934240977116.clj:1:73)
	at clojure.lang.Compiler.load(Compiler.java:7391)
	at clojure.lang.Compiler.loadFile(Compiler.java:7317)
	at clojure.main$load_script.invokeStatic(main.clj:275)
	at clojure.main$init_opt.invokeStatic(main.clj:277)
	at clojure.main$init_opt.invoke(main.clj:277)
	at clojure.main$initialize.invokeStatic(main.clj:308)
	at clojure.main$null_opt.invokeStatic(main.clj:342)
	at clojure.main$null_opt.invoke(main.clj:339)
	at clojure.main$main.invokeStatic(main.clj:421)
	at clojure.main$main.doInvoke(main.clj:384)
	at clojure.lang.RestFn.invoke(RestFn.java:421)
	at clojure.lang.Var.invoke(Var.java:383)
	at clojure.lang.AFn.applyToHelper(AFn.java:156)
	at clojure.lang.Var.applyTo(Var.java:700)
	at clojure.main.main(main.java:37)
Caused by: java.io.FileNotFoundException: email-conf.edn (No such file or directory)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.<init>(FileInputStream.java:146)
	at clojure.java.io$fn__9520.invokeStatic(io.clj:229)
	at clojure.java.io$fn__9520.invoke(io.clj:229)
	at clojure.java.io$fn__9433$G__9426__9440.invoke(io.clj:69)
	at clojure.java.io$fn__9532.invokeStatic(io.clj:258)
	at clojure.java.io$fn__9532.invoke(io.clj:254)
	at clojure.java.io$fn__9433$G__9426__9440.invoke(io.clj:69)
	at clojure.java.io$fn__9494.invokeStatic(io.clj:165)
	at clojure.java.io$fn__9494.invoke(io.clj:165)
	at clojure.java.io$fn__9446$G__9422__9453.invoke(io.clj:69)
	at clojure.java.io$reader.invokeStatic(io.clj:102)
	at clojure.java.io$reader.doInvoke(io.clj:86)
	at clojure.lang.RestFn.invoke(RestFn.java:410)
	at clojure.lang.AFn.applyToHelper(AFn.java:154)
	at clojure.lang.RestFn.applyTo(RestFn.java:132)
	at clojure.core$apply.invokeStatic(core.clj:648)
	at clojure.core$slurp.invokeStatic(core.clj:6657)
	at clojure.core$slurp.doInvoke(core.clj:6657)
	at clojure.lang.RestFn.invoke(RestFn.java:410)
	at freecoin.core$lein_ring_init$fn__22030.invoke(core.clj:230)
	at clojure.lang.Atom.swap(Atom.java:37)
	at clojure.core$swap_BANG_.invokeStatic(core.clj:2260)
	at clojure.core$swap_BANG_.invoke(core.clj:2253)
	at freecoin.core$lein_ring_init.invokeStatic(core.clj:227)
	at freecoin.core$lein_ring_init.invoke(core.clj:223)
	at clojure.lang.Var.invoke(Var.java:375)
	at ring.server.standalone$serve.invokeStatic(standalone.clj:95)
	at ring.server.standalone$serve.doInvoke(standalone.clj:75)
	at clojure.lang.RestFn.invoke(RestFn.java:423)
	at ring.server.leiningen$serve.invokeStatic(leiningen.clj:13)
	at ring.server.leiningen$serve.invoke(leiningen.clj:10)
	at user$eval22034.invokeStatic(form-init7994703934240977116.clj:1)
	at user$eval22034.invoke(form-init7994703934240977116.clj:1)
	at clojure.lang.Compiler.eval(Compiler.java:6927)
	at clojure.lang.Compiler.eval(Compiler.java:6917)
	at clojure.lang.Compiler.load(Compiler.java:7379)
	... 14 more
Subprocess failed

If it is useful I am running devuan.org

$ uname -a
Linux host 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux

The error-redirect function doesnt work as intended

java.lang.IllegalArgumentException: No value supplied for key: :landing-page

This makes sense as in https://github.com/PIENews/freecoin/blob/bc012ba1fe9b3223674f17bab363ad1a5e038160/src/freecoin/handlers/sign_in.clj#L55 one can see that the ctx is passed as a first argument to routes/absolute-path. Not sure how it worked at the first place

Passwords with a dash "-" do not pass the regular expression check

Replace the name with real name surname in the list of participants

Cleanup vagrant config

have not been tested for some time. Removed stonecutter and maybe more that still there

Cleanup server starting for development and production

Cleanup freecoin.core and/or document

So far the way to start it is through the repl calling (start)

Misleading screen when sending amount while viewing another profile than the one logged in

Logged in as aspasia.beneti

Check latest transactions

Click on beneti_aspasia and check profile

Send amount while viewing beneti_aspasia

The amount was sent from aspasia.beneti

The new transaction list

Create a demo deployment

Get ready for the Macao first release

tags need 2 small fixes (creation date and who created the tag)
initial transaction with tag
block negative values
fix the PIN to work with NO password
empty the DB
check that noone outside bridge can access mongo check
Add buttons for participants and tags
List participants alphabetical order
Help Macao to get started with creating emails for project wallets

Remove url-sensitive characters prefixing tags

If a tag is created with a character that affects urls, it fails to be passed as argument.
For instance if a tag is created with a prepended hash (i.e. #tag) then the url listing tag transactions will not be valid, as the browser will take it as an in-page anchor instead of passing it through the http pipeline (i.e. http://localhost:8000/tags/#tag).
Upon tag creation the string should be sanitized by removing all extended url characters.

Tagging system for transactions

To quickly navigate transactions in relation to projects, we need tagging in their description.

I'm investigating what is the best DB tech to adopt for small/medium scale of tagging on the long term, perhaps reverting to SQL is best. In that case an approach made of 3 tables would be best:

ENTRIES - the things being tagged
ent_id (IDX)
other columns as needed

TAGS
tag_id
tag_name (IDX)
created_by
created_when

ENTRY_TAGS
et_id
ent_id (IDX)
tag_id (IDX)
start/end date if tags can be added or removed after the original entry

or have also a reference table linking users to tags they use

Items
ItemID

ItemTags
ItemID (IDX)
TagID (IDX)

Tags
TagID

UserTags
ItemID (IDX)
UserID (IDX)

Inspecting the wallet of another participant shows my own wallet

Regardless of the :uid URI parameter, going to:

http://freecoin/participant/<:uid>

always shows my wallet

commonfare-net / macao-social-wallet Goto Github PK

macao-social-wallet's People

Contributors

Stargazers

Watchers

Forkers

macao-social-wallet's Issues

UPDATE:

Recommend Projects

Recommend Topics

Recommend Org

Jobs