
Conversation

@amCap1712 (Member)

TBA

@amCap1712 amCap1712 mentioned this pull request Dec 21, 2024
github-actions bot commented Dec 21, 2024

Test Results

236 tests (+37): 231 ✅ passed (+37), 5 💤 skipped (±0), 0 ❌ failed (±0); 1 suite (±0), 1 file (±0); 48s ⏱️ (+21s)

Results for commit da8e04c. ± Comparison against base commit 4003c6b.

This pull request removes 24 and adds 61 tests. Note that renamed tests count towards both.

Removed tests (list truncated):
metabrainz.admin.views_test.AdminViewsTestCase ‑ test_index
metabrainz.supporter.views_test.SupportersViewsTestCase ‑ test_login
metabrainz.supporter.views_test.SupportersViewsTestCase ‑ test_logout
metabrainz.supporter.views_test.SupportersViewsTestCase ‑ test_musicbrainz
metabrainz.supporter.views_test.SupportersViewsTestCase ‑ test_musicbrainz_post
metabrainz.supporter.views_test.SupportersViewsTestCase ‑ test_signup
metabrainz.views_test.IndexViewsTestCase ‑ test_about
metabrainz.views_test.IndexViewsTestCase ‑ test_about_customers
metabrainz.views_test.IndexViewsTestCase ‑ test_bad_customers
metabrainz.views_test.IndexViewsTestCase ‑ test_code_of_conduct
…

Added tests (list truncated):
metabrainz.admin.views_test.AdminViewsTestCase ‑ test_supporter_admin_index
metabrainz.admin.views_test.AdminViewsTestCase ‑ test_user_admin_index
metabrainz.index.views_test.IndexViewsTestCase ‑ test_about
metabrainz.index.views_test.IndexViewsTestCase ‑ test_about_customers
metabrainz.index.views_test.IndexViewsTestCase ‑ test_bad_customers
metabrainz.index.views_test.IndexViewsTestCase ‑ test_code_of_conduct
metabrainz.index.views_test.IndexViewsTestCase ‑ test_contact
metabrainz.index.views_test.IndexViewsTestCase ‑ test_dataset_download
metabrainz.index.views_test.IndexViewsTestCase ‑ test_dataset_signup
metabrainz.index.views_test.IndexViewsTestCase ‑ test_datasets
…


@MonkeyDo (Member)

Reviewed and cleaned up the sign in and sign up pages (user and supporters, commercial and non-commercial)

Supporters: (two screenshots of the sign in and sign up pages)

End users: (two screenshots of the sign in and sign up pages)

amCap1712 and others added 24 commits October 16, 2025 21:51
Add a moderation log to keep track of decisions as well.
It was duplicated and unused on two pages
and add a button to show/hide the password
Fix form validation and UI hints, rework the UI to be more user-friendly, cleanup markup, make it more mobile friendly
same as other pages, big call-to-action button as in the design files
We don't want end-users to create accounts directly on MeB.org, but it might just happen, so adding a link to the signup page they would be looking for.
Otherwise the entire test suite fails
@amCap1712 amCap1712 requested review from MonkeyDo and mayhem November 4, 2025 09:39
@amCap1712 amCap1712 changed the base branch from master to oauth-phase-2 November 4, 2025 09:58
@mayhem mayhem left a comment

A very cursory scan, but looks good from that distance. I think we should make a great effort testing this codebase and be really picky about ongoing PRs. We'll need lots of eyes on the new site.

@@ -1,5 +1,7 @@
BEGIN;

-- TODO: Add some, if needed.

cleanup?



class MeBFlaskForm(FlaskForm):


docstrings.

from brainzutils.mail import send_mail
from metabrainz.model.user import User

VERIFY_EMAIL = "verify-email"

These are oddly named. What do they do?

EMAIL_VERIFICATION_EXPIRY = timedelta(hours=24)
EMAIL_RESET_PASSWORD_EXPIRY = timedelta(hours=24)

# Bcrypt
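Review bot: EMAIL_RESET_PASSWORD_EXPIRY = timedelta(hours=24) keeps a password-reset link usable for a full day; a reset link is a bearer credential that sits in a mailbox (and possibly in mail-server and proxy logs), so a considerably shorter window (an hour is common) plus invalidation of the token once it has been used or the password has otherwise changed is the safer default, whereas 24 hours is fine for EMAIL_VERIFICATION_EXPIRY. The `# Bcrypt` section that opens right after also needs a comment naming each setting it introduces and the work-factor range expected in production.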

What are these config items? Some explanation or a link to possible values would be good.

@mayhem mayhem commented Nov 4, 2025

One request: The admin interface was always ugly and now it's gotten even worse. :( No need to design a masterpiece, but it would be nice to make some improvements so we don't have giant black bars and then like. :)

response.headers["Pragma"] = "no-cache"
response.headers["X-Frame-Options"] = "DENY"
response.headers["Referrer-Policy"] = "no-referrer"
# todo: add content-security-policy headers
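Review bot: with `# todo: add content-security-policy headers` left in place the response goes out without any CSP, so nothing backs up `X-Frame-Options: DENY` in browsers that consult CSP frame-ancestors first; the minimum that matches the headers already set here is `Content-Security-Policy: frame-ancestors 'none'; object-src 'none'`, extended with an `img-src` / `default-src` allow-list for whatever the page actually loads, after which the todo comment should be removed rather than left in shipped code.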
@julian45 julian45 (Contributor) Nov 9, 2025

Perhaps while working with this file, it may be worthwhile to resolve this todo.

For example, knowing that X-Frame-Options: DENY is in place (i.e., this is not to be displayed in a frame anywhere), and assuming that this is only meant to be shown on meb.o (or self-hosted equivalents) and possibly draw from static media, we could use:

Content-Security-Policy: frame-ancestors 'none'; frame-src 'none'; object-src 'none'; img-src 'self' https://staticbrainz.org/

...but that's an approximation. (ref: MDN Content-Security-Policy documentation)

def after_oauth2_request(response):
""" Add security headers for Referrer-Policy, Content-Security-Policy, Cache-Control and X-Frame-Options """
response.headers["Cache-Control"] = "no-store"
response.headers["Pragma"] = "no-cache"
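Review bot: the docstring on after_oauth2_request promises Referrer-Policy, Content-Security-Policy, Cache-Control and X-Frame-Options, but the lines visible under it set only Cache-Control and Pragma; either set all four in this function or trim the docstring to what it actually does. `Pragma: no-cache` is an HTTP/1.0 mechanism with no effect on HTTP/1.1 caches, and `Cache-Control: no-store` on the line above already forbids every cache from retaining an OAuth response, so the Pragma line can be dropped.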

Do you expect relevant endpoints to be called by HTTP/1.0 clients? If not, we should consider removing this header, as it is deprecated.


Also, since Cache-Control: no-store is set on the preceding line, I believe this setting is also kind of ignored, since no-store seems to be the most restrictive directive among possible Cache-Control values; see the MDN Pragma and Cache-Control pages.
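The two review threads above (the CSP suggestion and the Pragma / Cache-Control point) describe what the after-request hook should end up sending. The block below is an added example, not code from the metabrainz repository or from any reviewer: it builds the header set a login or OAuth response should carry, serialises a CSP from a directive map, and checks that the CSP frame-ancestors directive agrees with X-Frame-Options, since browsers that understand frame-ancestors ignore X-Frame-Options and a mismatch silently weakens the framing policy. The static origin https://staticbrainz.org is taken from the suggestion above, the `form-action` and `default-src` directives are assumptions beyond it, and `headers` is any str-to-str mapping, so a plain dict works here and Flask's `response.headers` works inside an `@app.after_request` hook.

```python
"""Security headers for login/OAuth responses (added example, not project code)."""
from typing import Mapping, MutableMapping

# Assumed static-asset origin, taken from the review suggestion; change it to
# whatever host actually serves the site's images.
STATIC_ORIGIN = "https://staticbrainz.org"

# Directive map for a page that must never be framed and loads only its own
# resources plus images from the static host (form-action/default-src assumed).
CSP_DIRECTIVES: dict[str, list[str]] = {
    "default-src": ["'self'"],
    "frame-ancestors": ["'none'"],  # must agree with X-Frame-Options: DENY
    "frame-src": ["'none'"],
    "object-src": ["'none'"],
    "img-src": ["'self'", STATIC_ORIGIN],
    "form-action": ["'self'"],      # login/consent forms post back to us only
}


def build_csp(directives: Mapping[str, list[str]]) -> str:
    """Serialise a directive map into a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(sources)}" for name, sources in directives.items())


def parse_csp(value: str) -> dict[str, list[str]]:
    """Parse a CSP header value back into {directive: [sources]}."""
    parsed: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            parsed[tokens[0]] = tokens[1:]
    return parsed


def add_security_headers(headers: MutableMapping[str, str]) -> MutableMapping[str, str]:
    """Set the response headers a login, signup or OAuth endpoint should carry."""
    # no-store alone stops HTTP/1.1 caches from retaining the response;
    # Pragma: no-cache only matters to HTTP/1.0 caches, so it is not set here.
    headers["Cache-Control"] = "no-store"
    headers["X-Frame-Options"] = "DENY"
    headers["Referrer-Policy"] = "no-referrer"
    headers["Content-Security-Policy"] = build_csp(CSP_DIRECTIVES)
    return headers


def frame_policy_consistent(headers: Mapping[str, str]) -> bool:
    """True when X-Frame-Options and CSP frame-ancestors express the same policy.

    DENY must pair with frame-ancestors 'none', SAMEORIGIN with 'self'; any
    other X-Frame-Options value is accepted only if frame-ancestors is present.
    """
    xfo = headers.get("X-Frame-Options", "").upper()
    ancestors = parse_csp(headers.get("Content-Security-Policy", "")).get("frame-ancestors")
    if xfo == "DENY":
        return ancestors == ["'none'"]
    if xfo == "SAMEORIGIN":
        return ancestors == ["'self'"]
    return ancestors is not None


if __name__ == "__main__":
    hdrs = add_security_headers({})
    for name, value in hdrs.items():
        print(f"{name}: {value}")
    print("frame policy consistent:", frame_policy_consistent(hdrs))
```

Wiring it into Flask is a one-liner, `app.after_request(lambda r: (add_security_headers(r.headers), r)[1])`, and `frame_policy_consistent` is cheap enough to run as a unit test against the real response so that a later edit to either header cannot drift away from the other.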

- "8150"

meb_db:
image: postgres:12.3

Change would be out of scope for this specific PR, but even though this Compose file is for a dev environment, I still feel obliged to point out that Postgres 12 is well past end-of-life. 13 goes EoL in a few days as well, so 14 should be the minimum at this point.
