Add support for event specific password protection #1244
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
status:conflicts
This comment was marked as resolved.
This comment was marked as resolved.
owi92
force-pushed
the
password-protected-videos
branch
from
8e8763f
to
30d55f1
Compare
owi92
changed the title
owi92
force-pushed
the
password-protected-videos
branch
4 times, most recently
from
8ed23b8
to
e252587
Compare
github-actions
bot
removed
the
status:conflicts
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
owi92
force-pushed
the
password-protected-videos
branch
from
e252587
to
a2e4d24
Compare
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
owi92
force-pushed
the
password-protected-videos
branch
from
a2e4d24
to
402869f
Compare
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
owi92
force-pushed
the
password-protected-videos
branch
from
402869f
to
5fd35f1
Compare
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
owi92
force-pushed
the
password-protected-videos
branch
from
5fd35f1
to
aca0209
Compare
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
owi92
force-pushed
the
password-protected-videos
branch
from
aca0209
to
e4630aa
Compare
github-actions
bot
temporarily deployed
to
test-deployment-pr1244
LukasKalbertodt
force-pushed
the
master
branch
from
df91940
to
ac46ed4
Compare
LukasKalbertodt
requested changes
Oct 7, 2024
There was a problem hiding this comment.
Thanks for tackling this huge feature! The PR was nice to review commit by commit. And while below I have written quite a few comments, I think the general direction is absolutely correct, and all remarks are just "local problems", not really anything that requires rethinking everything.
Apart from the inline comments, while testing it I noticed these things:
- The "in flight" circle still spins when invalid credentials are entered on video page. Once the error is shown, the spinner should disappear. This only happens when entering them incorrectly twice... what.
- The whole page flashes when submitting credentials. Also, if the credentials were wrong, this means the entered credentials disappear, which is annoying if u only need to correct a typo.
I have to re-test everything again, but I think this is already a long enough review. I can test again after these things are fixed.
Comment on lines
5
to
7
| -- For convenience, all read roles are also copied over to preview roles. | ||
| -- Removing any roles from read will however _not_ remove them from preview, as they | ||
| -- might also have been added separately and we can't really account for that. |
There was a problem hiding this comment.
Mhhh this is tricky. So the thing you describe isn't great, right? Because yes, if we mix them together, we have no idea what was originally set. Just so I understand correctly: the only (as in 'singular', not to diminish the importance) reason to mix them together is to have easier queries, right? So we don't have to check both columns everywhere? Or is there more to it?
My gut feeling is to keep them separate. We might have already talked about this, in which case I forgot and would be happy to be reminded :D
Maybe in the future, the ACL selector allows users to select preview, read or write. Well mh no, that could work with either model. I suppose there is no operation that allows users to "just remove a single action permission" from an event, which is what would trigger the thing you mentioned here. The harvest process would also overwrite the whole ACL and wouldn't cause a problem with either model.
So right now I cannot think of a case where your model would break... mhhh. I might think about it a bit more.
There was a problem hiding this comment.
is there more to it?
no, I don't think there is.
We might have already talked about this
You suggested doing it like this when we first planned the whole thing. I then said "no lets not, because reasons™". But when implementing it, I realized that I actually find it nicer to have only one filter/check for access things, taking the cue from how read and write roles are handled (whenever something requiring read access is checked, it's not necessary to also check for write, as read also includes all write roles).
github-actions
bot
added
the
status:conflicts
This comment was marked as resolved.
This comment was marked as resolved.
owi92
force-pushed
the
password-protected-videos
branch
from
e4630aa
to
2632d55
Compare
github-actions
bot
removed
the
status:conflicts
LukasKalbertodt
requested changes
Oct 23, 2024
owi92
force-pushed
the
password-protected-videos
branch
2 times, most recently
from
0ca7595
to
121fd02
Compare
owi92
force-pushed
the
password-protected-videos
branch
from
121fd02
to
8c93f7d
Compare
LukasKalbertodt
added a commit
to LukasKalbertodt/tobira
that referenced
this pull request
Nov 18, 2024
See elan-ev#1244 (comment) I thought quite a bit about this and I think both options would have been fine, but I decided to change this for one reason in particular: currently, `read_roles` and `write_roles` reflect exactly what Opencast tells us. We of course also have columns with calculated values, but we should keep it fairly clear what columns are straight from OC and which ones are "our columns". Most importantly: if we ever would need to distinguish between read and preview, this would require a resync. This would be unfortunate, so I'd rather store the exact OC information so that we have it, just in case. I then decided to just adjust the few checks to check both columns, but we could also have added another column that holds the combination of the two. That's an implementation detail and we can still change it later. But yes, the more complicated checks don't seem like a problem to me.
|
This pull request has conflicts ☹ |
github-actions
bot
added
the
status:conflicts
This is in preparation for upcoming changes regarding event specific authentication. Users with a preview role but without read access will only be allowed to view text metadata like title and description of events corresponding to that role. Specifically they will not be allowed to watch the video or access "revealing" information like thumbnail, slide segments, captions or track data. This will be implemented in the following commit.
Authorized date is comprised of track information, segments, caption texts and thumbnails. This will be used to distinguish and handle any event data that is not viewable and shouldn't be exposed by the api when a user only has a `preview` role. The presence or absence of this data can be used to determine whether a user has a certain authorization level - this can be useful for certain frontend checks. This data will also get a credentials check which is to be performed on the backend side in a later commit. With that, it can be exposed when a user successfully authenticates.
Some video pages will now show a placeholder and note instead of the player, while these videos in series blocks and search results will have a "special" preview thumbnail instead of the real one. This applies to videos a user only has preview access to, which is a new special case: The event is authorized, but there is some data (thumbnail, captions, segments and tracks) that is only viewable when the user has at least read access.
These are supposed to be replaced by a generic preview image everywhere when a user only has a preview role. Search events use another table and an api that is missing the `authorized_data` field, so there needs to be an additional check to keep the thumbnails hidden. This poses another issue for authentication which will be addressed in a later commit.
Optional event credentials are now storable in DB, and the are some endpoints to check whether an event is password protected. This also adds a dummy check to `authenticated_data`, to simulate event authentication. Will be extended/replaced in a later commit.
This repurposes the UI component that is also used on our login page with some adjustments. The mask is shown on the video route, the embed route and also for video blocks in place of the video player. Entering the correct credentials will unlock the video.
"Sticky" meaning that once the credentials are verified, they won't need to be entered again until the user logs out. Anonymous users will need to re-enter the credentials once their browser session ends. This will also make sure that thumbnails in series blocks and search results are shown after a user has been authenticated for a given event.
The ETH sends their series credentials as SHA1 encoded strings including a username and password. This commit adds a config option that causes these credentials to be separated and stored in Tobira's DB when enabled. To authenticate, users will need to enter these credentials, which will then be hashed and checked against the ones we have from the ETH.
owi92
force-pushed
the
password-protected-videos
branch
from
8c93f7d
to
ae81723
Compare
github-actions
bot
removed
the
status:conflicts
This is not a good solution as it relies on a frontend check. Ideally this would be done in backend. This same applies for thumbnails in search results.
The ETH passwords are inherited from their series, so it is necessary to keep them in sync.
This replaces some relay logic with relay's `fetchQuery` in order to be able to directly react to the query result or failure. I suspect this should also be possible with `loadQuery` and/or `usePreloadedQuery` but I couldn't figure it out. There was sth going on with the previous implementation that was causing the whole page to reload when submitting correct credentials, while entering the wrong credentials caused the loading indicator to spin indefinetely - huh? I don't know what exactly caused this. Anyway, the new solution also makes the whole video route file a little smaller and saves two middle-man components as well as some props. I think it's an overall improvement in terms of readability and maintainability (and fixes the afore mentioned issues).
Authenticating for an event will now also store that event's series id with its credentials. With that, all events of that particular series will be unlocked. This is a feature only used by the ETH, and as such must be enabled via a configuration option.
Before this change, authenticating a video on video pages or in video blocks would not rerender series blocks, i.e. the thumbnails would not reflect the fact that the videos of these blocks were unlocked. This adds a shared state through context so these blocks are now rerendered and correctly show the videos as unlocked.
owi92
force-pushed
the
password-protected-videos
branch
from
ae81723
to
35e0a07
Compare
LukasKalbertodt
added a commit
to LukasKalbertodt/tobira
that referenced
this pull request
Nov 19, 2024
See elan-ev#1244 (comment) I thought quite a bit about this and I think both options would have been fine, but I decided to change this for one reason in particular: currently, `read_roles` and `write_roles` reflect exactly what Opencast tells us. We of course also have columns with calculated values, but we should keep it fairly clear what columns are straight from OC and which ones are "our columns". Most importantly: if we ever would need to distinguish between read and preview, this would require a resync. This would be unfortunate, so I'd rather store the exact OC information so that we have it, just in case. I then decided to just adjust the few checks to check both columns, but we could also have added another column that holds the combination of the two. That's an implementation detail and we can still change it later. But yes, the more complicated checks don't seem like a problem to me.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the necessary backend and frontend implementations to allow event specific authentication as done by the ETH.
For technical information, see commit messages. @LukasKalbertodt to test this, you can use this DB command:
Of course you can use any other event. This will give the event the password user
passand the passwordword.Test here (credentials are "user" and "password")
Closes #1186