Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

$100 - Helper Class for External Authentication Integration

jaredNZjaredNZ New
edited June 2013 in Vanilla 2.0 - 2.8

I've given up with proxyConnect/jsConnect and am putting out a challenge to Vanilla Gurus.

We really need a simple class with some basic controls; to deeply integrate Vanilla with existing websites.

  • createUser(), updateUser(), readUser(), deleteUser(), setLogin(email, T/F),
  • createDiscussion(), createPost(), readDiscussions(), readPosts()

I'll put a $100 bounty on this to get it done via paypal, and will open source the code to community.

Thanks

«13

Comments

  • have you looked at the Vanilla API application?

    http://vanillaforums.org/addon/api-application

    grep is your friend.

  • x00x00 MVP
    edited June 2013

    I don't really know what you are hoping to achieve, but why don't you pay someone to do the proxy connect for you? Given you were having problems with it.

    grep is your friend.

  • I would like a class of helper functions for the above requirements -- e.g. setLogin(email, T/F). To override the Vanilla system. I have my own site authentication and don't want to use Vanilla's.

  • i.e. This is NOT using ProxyConnect at all. It should be direct functions for writing to DB/setting required vanilla cookies.

  • x00x00 MVP
    edited June 2013

    Like I said it depends on the application.

    If you want something to provide cookie based SSO authentication, that is a separate concern. If you want to utilise the API, to integrate with another app, that is possible.

    edit: I read you have you own authentication, in which case the API will work with a valid session (or API key)

    Either way it is goign to require development, which would likely cost more than $100.

    If you are able to to use the API to your ends, are happy to do it yourself give it a try.

    There is a difference, between a restful API and the SSO authentication, they are somewhat different concepts. The APi, has it own authentication in the form an API key. It also accept a valid session, but is not responsible for that.

    An API such as the one suggested could be expensive (resource wise), if you were trying to replicate all forum user activity through it. It is useful doing some reads the forum, some writes, etc.

    If this is about authentication, I suggest you tackle that head on.

    grep is your friend.

  • jaredNZjaredNZ New
    edited June 2013

    "the API will work with a valid session (or API key)" -- Like I said above - the Vanilla authentication system isn't working and is intermittent through proxyConnect.

    I have no interest in spending another 12 hours learning a forth vanilla authentication system. I've already done jsConnect, ProxyConnect, and written my own Authenticator.

    I'm done. I just need a helper class with the functions above and am willing to pay for it.

    EG Use Case

    Login via AppSite Auth System -> Inside the AppSite I call "class.Forum.setLogin(email, true);"

    Logout via AppSite Auth System -> Inside App Site I call "class.Forum.setLogin(email, false);"

    Create user in AppSite System -> Inside AppSite I call function: "class.Forum.createUser(email, gender,... );"

    Thanks.

  • hgtonighthgtonight ∞ · New Moderator

    From my understanding, all this functionality exists with ProxyConnect + API application.

    ProxyConnect will cover createUser(), updateUser(), and deleteUser(). Everything else would be covered by @kasperisager's API application that @x00 linked.

    For example:

    • readUser() ~= GET /users/:id
    • createDiscussion() ~= POST /discussions
    • createPost() ~= POST /discussions/:id/comments
    • readDiscussions() ~= GET /discussions/mine
    • readPosts() I am not sure what you want from this

    I don't know exactly what you want these functions to do, so I guessed based on the names. I know you don't want to hear this, but user management could be handled through proxy connect, openID, or something else.

    As far as your proposed script, I don't think the community would use it. This isn't to dissuade you from making it or hiring someone to make it. Just my opinion. Have it made and prove me wrong. I love learning!

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • jaredNZjaredNZ New
    edited June 2013

    I don't want to require the user to manually create a new account on the forums, sometimes ProxyConnect takes care of this, other times it doesn't. I've integrated other oAuth systems into the "AppSite" and want to automatically login with these when they login with FB/Google etc.

    Third or forth time I've said this -- ProxyConnect just doesn't work sometimes. So I've spent days trying to fix it and given up. Specifically it fails automated handshaking and never creates the user account.

    "I don't think the community would use it" - there are dozens of posts in this forum with people asking for custom integration just do a search.

    Your post doesn't cover the critical three use cases above: login, logout, createUser(..);

    Logout is easy, I do this by destroying the cookies.

    Login requires encrypting the Vanilla session details and saving into a custom formatted Vanilla cookie that seems to change every release and is stubborn as a mule.

  • hgtonighthgtonight ∞ · New Moderator

    @jaredNZ said:
    ...
    "I don't think the community would use it" - there are dozens of posts in this forum with people asking for custom integration just do a search.

    The operative word is custom. I still don't think this script would be useful to other people. This community benefits from sharing code, tips, guides, etc. that can be used by other people. I can't see a use case where you would need to log a user into Vanilla from an external script and then not use Vanilla.

    Again, make it and share it. I would love to see it.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • KasperKasper Scholar of the Bits Copenhagen Vanilla Staff

    I haven't gotten around to writing all the classes for my API application yet, but once I'm done it will be able to do all the things you're looking to do (get, create, update and delete users, log them in and out, get, create, update, delete discussions/comments/activity items/conversations/whatever).

    Kasper Kronborg Isager (kasperisager) | Freelance Developer @Vanilla | Hit me up: Google Mail or Vanilla Mail | Find me on GitHub

  • businessdadbusinessdad Stealth contributor MVP

    @jaredNZ said:
    i.e. This is NOT using ProxyConnect at all. It should be direct functions for writing to DB/setting required vanilla cookies.

    I may have misunderstood the objective, but are you looking for a library that would do exactly what Vanilla does, but without involving Vanilla at all? That is, none of Vanilla files run, and, when User clicks on forum URL, finds his account "magically" created and logged in?

  • jaredNZjaredNZ New
    edited June 2013

    Essentially yes -- to enable 1 line integration with external website auth systems: e.g. on your external site you have a login function:

    //My App Login.
    login() {
       ...app's login code...
       form.login();
    }
    //My App New User:
    createUser() {
        ...insert app account...
        forum.createUser();
    }
  • businessdadbusinessdad Stealth contributor MVP

    I'm afraid that it will be a long way to get it working. Perhaps not impossible, but the only way to develop such library would be duplicating all the code that Vanilla classes already implement, and fix it to make it compatible with multiple versions (if Core changes, the library might become unusable).

    Also, as you already mentioned, the cookies that Vanilla uses are involved. They are encrypted in a way that the library would not know (for example, because it doesn't have the salt string used by Vanilla) and, therefore, could not be provided (and they could not be set, anyway, if Vanilla "lives" in a different domain).

    I may be too pessimistic, but it looks like a trip through the mines of Moria. I'm not brave enough for it. :)

  • SrggamerSrggamer HardCore Gamer ✭✭✭

    Maybe you should find a freelancer? (I'm back)

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    businessdad@businessdad said:
    I'm afraid that it will be a long way to get it working.

    2020 about right then ?

  • SrggamerSrggamer HardCore Gamer ✭✭✭

    @vrijvlinder said:
    2020 about right then ?

    Not even close. :(

  • peregrineperegrine MVP
    edited June 2013

    businessdad

    but it looks like a trip through the mines of Moria.

    every time i see this quote I love it.

    Aye, and that were a mighty rough trip to dwarves and hobbits alike,

    @vrijvlinder said: 2020 about right then ?

    maybe there could be a joint release with this one-off plugin set to be released in 2020
    http://vanillaforums.org/discussion/23856/changing-user-group-after-a-certain-time

    I haven't gotten around to writing all the classes for my API application yet, but once I'm done it will be able to do all the things you're looking to do (get, create, update and delete users, log them in and out, get, create, update, delete discussions/comments/activity items/conversations/whatever).

    when you do, young and old will be dancing in the streets, (even people over 30).

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • jaredNZjaredNZ New
    edited June 2013

    Constructive replies would be helpful please. If $100 isn't sufficient set a price. Hardly helps build a community by mocking requests. I have dozens of users that can't post to forums because ProxyConnect is unreliable.

    Create User:

    • Insert user row into GDN_User - Where does the transient key in preferences come from?
    • Insert user auth into GDN_UserAuthentication - Generating token & token.secret?

    Login:

    • Insert user token into GDN_UserToken - Where does it decide to only insert a "request" vs "access" token?
    • Create Encrypted Cookie - Where is the final function for generating this cookie.

    Log out:
    - Destroy Vanilla, VanillaVolatile, VanillaProxy Cookies. Done,

  • jaredNZjaredNZ New
    edited June 2013

    "unreliable" ->

    1. They never get inserted into the GDN_User table. Causing..
    2. The GDN_UserAuthentication row shows "0" as the UserID with the ForeignKey.
    3. Then, when token generated they only get a "request" in the GDN_UserToken table.
  • hbfhbf wiki guy? MVP

    @jaredNZ said:
    Constructive replies would be helpful please. If $100 isn't sufficient set a price. Hardly helps build a community by mocking requests. I have dozens of users that can't post to forums because ProxyConnect is unreliable.

    Create User:

    • Insert user row into GDN_User - Where does the transient key in preferences come from?
    • Insert user auth into GDN_UserAuthentication - Generating token & token.secret?

    Login:

    • Insert user token into GDN_UserToken - Where does it decide to only insert a "request" vs "access" token?
    • Create Encrypted Cookie - Where is the final function for generating this cookie.

    Log out:
    - Destroy Vanilla, VanillaVolatile, VanillaProxy Cookies. Done,

    not sure this will be much help, but i wont be mocking you.

    writing 3rd party code to properly insert users into the user table is tough.
    logging someone in, is even tougher.

    the reason the SSO stuff is complicated, is because the code to handle vanilla user sessions is complicated.

    you are truly better off hiring someone to work the SSO integration for you, rather than trying to re-write 90% of SSO + Vanilla User Session management.

    i'm not the guy to do it, but i believe your $100 bounty may get someone knowledgeable in SSO to be able to do the integration for you (and make it work reliably) - if they are good with SSO, it should be 4-5 hrs of work.

    but from a development perspective, writing those API's is probably 60+ hours of work (just a guess, probably on the low side) i don't know anyone who would even get out of bed for $1.67 / hr

    that's my 2 cents.

    BTW - if all you are planning on using vanilla for is as a back end for storing and retrieving Discussions and posts, you really dont need vanilla. Vanilla is a full MVC framework with a forum application residing inside it. if im reading your request correctly, you have your own views for data display, and most of the controller actions are going to be handled by your "AppSite", which basically leaves you with vanilla as a bloated Model for your website.

This discussion has been closed.