Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔊 Store token validation errors in the database and display them in the admin dashboard #1102

Open
shankari opened this issue Jan 10, 2025 · 5 comments
Open

🔊 Store token validation errors in the database and display them in the admin dashboard #1102

shankari opened this issue Jan 10, 2025 · 5 comments

Comments

@shankari
Copy link
Contributor

For pre-generated tokens, one of the biggest issues is when the tokens don't work.
This can be either because the token is malformed on the phone, or when the token is properly formatted, but is not found among the valid tokens on the server.

To make it easier for admins to debug these issues themselves, I propose the following:

  • we store the errors are stats/client_error messages, possibly with name = malformed_opcode or opcode_not_found
  • we display the token errors in the admin dashboard so that admins can see the root cause
  • extra credit: we try to match the opcode_not_found opcodes to valid opcodes and suggest some potential matches, so admins can easily help participants troubleshoot what is going on

While handling this we should also double check the client code to make sure that each malformed case is recorded properly - e.g. distinguish between the cases in if (tokenParts.length < 3 || tokenParts.some((part) => part == '')) {

@JGreenlee for visibility
@shankari
Copy link
Contributor Author

shankari commented Jan 10, 2025
edited
Loading

FYI, here's the script that I used to identify opcodes with two underscores for ca-ebike

>>> all_opcodes = open("nrelop_ca-ebike_default_tokens.txt").readlines()           
>>> invalid_opcodes = [o for o in all_opcodes if "default__" in o]
>>> len(invalid_opcodes)
3124
>>> open("/tmp/invalid_opcodes.txt", "w").writelines(invalid_opcodes)

@shankari
Copy link
Contributor Author

we store the errors are stats/client_error messages, possibly with name = malformed_opcode or opcode_not_found

As I think about this further, I don't think that the malformed_opcode option will work because even if we store it locally, it won't get pushed to the server unless the user logs in successfully. We just have to be a lot more explicit about the reason for the malformed opcode in the error message that we show to the user such that they can debug it themselves, or send a meaningful screenshot.

@shankari
Copy link
Contributor Author

shankari commented Jan 10, 2025
edited
Loading

Ah actually it looks like having a __ anywhere fails because we don't just check if the important parts are blank but if any part is blank

> const token = "nrelop_study_subgroup_a__b"
< undefined
> const tokenParts = token.split('_');
< undefined
> tokenParts.length < 3
< false
> tokenParts.some((part) => part == '')
< true
> tokenParts
< ["nrelop", "study", "subgroup", "a", "", "b"] (6)

So the invalid opcode filter is actually

>>> all_opcodes = open("nrelop_ca-ebike_default_tokens.txt").readlines()           
>>> invalid_opcodes = [o for o in all_opcodes if "__" in o]
>>> len(invalid_opcodes)
5012
>>> open("/tmp/invalid_opcodes.txt", "w").writelines(invalid_opcodes)

@JGreenlee
Copy link

JGreenlee commented Jan 11, 2025
edited
Loading

I have previously observed the difference in the charset between phone-generated and script-generated opcodes
The random string generation method on the phone yields only alphanumeric characters:
https://github.com/e-mission/e-mission-phone/blob/89127bca0ae3f4074ab1fc9d7be0581ad62ea24f/www/js/config/opcode.ts#L9-L16

We should unify the script to behave the same, and potentially relocate both versions to e-mission-common

JGreenlee added a commit to JGreenlee/e-mission-common that referenced this issue Jan 17, 2025
@JGreenlee
add auth.opcode.py with 'generate_random_string' fn
bfc4bbc 
We perform opcode generation in e-mission-phone for autogen programs and via a script in e-mission-server (ideally on the admin dash eventually) for pregenerated opcodes.
It requires a random string to be generated as a unique identifier. The charset was different between the server and phone implementations, causing potential for issues with pregenerated opcodes
e-mission/e-mission-docs#1102

Autogen on the phone used alphanumeric characters. Pregenerated opcodes used "urlsafe" characters https://github.com/e-mission/e-mission-server/blob/33eda70849e4cf800b83d0fb3f609ed9c68e0f35/bin/auth/generate_random_tokens.py#L5
The only differences between "urlsafe characters" and "alphanumeric characters" are hypen, dot, underscore, and tilde (https://stackoverflow.com/a/695469/5110347)

The new unified function generates a string of specified length. By default it uses alphanumeric characters but a different charset can be optionally passed in.

Includes unit test to guarantee expected behavior. Tests pass in both languages
@JGreenlee JGreenlee mentioned this issue Jan 17, 2025
Merged
@JGreenlee
Copy link

Created JGreenlee/e-mission-common#14

Need to make PRs in e-mission-phone, e-mission-server, and op-admin-dashboard to use this instead of their own random string generation functions

Will add better UI error messages when I do the e-mission-phone PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shankari @JGreenlee