wrr / wwwhisper Goto Github PK

The execution path wasn't correctly updated to the new django-browserid API. User email is incorrectly obtained and causes auth request 500 failure.

I guess not an issue but would be great to see this add on available in Europe

I get this error on open routes:

Failed to load resource: the server responded with a status of 401 () /wwwhisper/auth/api/whoami/?_=1525223489528

Is there any way to prevent this?

auth_request no longer needs to be installed from an external source.

I'm using WWWhisper in my RoR application, but I want to know if there's a way to get the user's email that was used to log-in through whisper? Is there someway I can hook into the whisper layer from within my app to get this information?

I'm trying to package wwwhisper for Arch Linux and (Arch being Arch) it packages the latest django-browserid. Any reason wwwhisper still uses 0.10.1?

Hi, I have a heroku node express app with wwwhisper addon. I'm pretty sure it's setup correctly and I've enabled cors too. However when requesting an access token I'm getting this error message - "Failed to send the token to {EMAIL}: Cross origin requests not allowed." any pointers? thanks.

This would be extremely useful for health checking and continuous deployment tools.

For my team it takes about 10+ minutes to receive the email with the link.

We are based in NH and we are testing out your add-on with 'solo' version.

Is it supposed to take this long?

wwwhisper does not work after updating to the newest django-browserid API.

Append Google Account support

At this moment wwwhisper does not include any third party GPL code that would block the switch of the license. Since starting the project I've changed my preferences and I'm now more in favor of simpler licenses. For a server side program GPL offers little benefits anyway, because everyone is allowed to modify and run modified versions of the software without publicly sharing the modifications.

After I got some weird 500 errors popping up while using wwwhisper I wanted to find the source of the error and it ended up being uwsgi fault.

The default uwsgi configuration allocates 4096 bytes for the headers of each request. That ends up only allowing a request on a page protected by wwwhisper to only allow around 1100 characters as get parameters before errors starts to happened.

The error comes from the sub-request doing the authentication check.

401 error

2014.. [notice] 42#0: *2691, request: "HEAD /{x*1160}
2014.. [notice] 42#0: *2691, request: "HEAD /{x*1160} HTTP/1.1", subrequest: "/wwwhisper/auth/api/is-authorized/", host: "..."
2014.. [notice] 42#0: *2691, request: "HEAD /{x*1160}

500 error

2014.. [notice] 42#0: *2747, request: "HEAD /{x*1161}
2014.. [notice] 42#0: *2747, request: "HEAD /{x*1161} HTTP/1.1", subrequest: "/wwwhisper/auth/api/is-authorized/",
2014.. [error] 42#0: *2747 recv() failed (104: Connection reset by peer) while reading response header from upstream, request: "HEAD /{x*1161} HTTP/1.1", subrequest: "/wwwhisper/auth/api/is-authorized/", upstream: "uwsgi://unix:/wwwhisper/sites/.../uwsgi.sock:",    
2014.. [notice] 42#0: *2747, request: "HEAD /{x*1161} HTTP/1.1", subrequest: "/50x.html", upstream: "uwsgi://unix:/wwwhisper/sites/https.....443/uwsgi.sock",    
2014.. [error] 42#0: *2747 auth request unexpected status: 502 while sending response to client, request: "HEAD /{x*1161}
2014.. [notice] 42#0: *2747, request: "HEAD /{x*1161}

You will get errors saying invalid request block size in the uwsgi output.

The solution is simple, and looks harmfull..
Adding --buffer-size=16384 to the list of parameters in https://github.com/wrr/wwwhisper/blob/master/run_wwwhisper_for_site.sh#L72 fixed the problem. Something to do upstream?

There is also some info at https://uwsgi-docs.readthedocs.org/en/latest/ThingsToKnow.html mentioning this.

I did not create a pull-request for this because the fix is way to simple..

Current scripts and documentation allow to setup wwwhisper with nginx. We have middlewares to easily integrate wwwhisper with Ruby's Rack and Node.js's Connect, but currently the middlewares are used only with wwwhisper service on Heroku.

The documentation and setup scripts need to be extended to allow using the middlewares with standalone wwwhisper instances. For example, current setup uses Unix socket for communication between nginx and wwwhisper. For Rack and Connect, standard TCP port is needed.

Looks cool, but I do most of my work w/ Flask. So I'm curious if there are any Python plans.

👍

Append Twitter Account support.

Persona will turn off the 30th of November, see https://developer.mozilla.org/en-US/Persona

There are a lot of information @ https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers and the source is available @ https://github.com/mozilla/persona

If Mozilla is shutting the service down, the state of the opensource project should also be considered. Will it die out? Maybe it is better to replace the login logic with something more generic? Maybe python social auth is the way to go (http://psa.matiasaguirre.net/)?

When I try to use a non-Heroku domain I receive this error:

Failed to send the token to XYZ: Cross origin requests not allowed.

Even though this domain is listed in the "Allowed addresses" section.

Using Docker can simplify setup of a standalone wwwhisper instance.

Append Github Account support.

After renaming Heroku app wwwhisper add-on stooped work correctly.

By opening Heroku app in the browser I got message:
Invalid request URL, you can use wwwhisper admin to allow requests from this address.

Add-on admin panel (...wwwhisper/admin/) also was not available.

I had to remove and add add-on once again to make it work and have access to the admin panel.

I just released an App to Heroku and I am exploring wwwwhisper. I noted that users' emails need to be in the list. I was wondering if there is an plan with integrating this with external databases? Basically, I would like the users to sign up.

When a user is authorized, wwwhisper can return the user's email in HTTP header. Nginx can then pass the email to backends. Such setup will likely require HttpHeadersMore module.