Nick FunkandKim Gardner 46f0d08cf7 [CORL-236] Allow user to delete their account (#2495)
* Create preliminary account deletion program flow

Does not validate password as of yet.
Does not submit a mutation to begin deletion scheduling.

CORL-236

* Create preliminary account deletion confirmation form and schema mutation

Hooks up validation and error handling to confirm the user's
password during account deletion.

Scheduling the account deletion is not implemented yet.

CORL-236

* Update requestAccountDeletion to set the user's scheduled deletion date

CORL-236

* Create preliminary cron job for scheduled account deletions

CORL-236

* Show tombstoned comments when the user has deleted their account and comments

CORL-236

* Pull in client locales for date formatting on account deletion steps

CORL-236

* Update more areas due to comment revision being nullable

CORL-236

* Allow users to cancel their account deletion request

CORL-236

* Show account deletion callout at the top of the profile stream tab

CORL-236

* Further comments and edge case handling for deleted comments site wide

CORL-236

* Show account deletion callout in the comments stream tab

CORL-236

* Send out emails during relevant account deletion events

- Confirm deletion requested
- Cancellation of deletion request
- Account deletion completed

CORL-236

* Unset emails when deleting user accounts instead of setting to null

Fixes email index collision error from setting multiple emails to null.

CORL-236

* Show organization email in account deletion steps

CORL-236

* Mark comments as deleted so that we can properly tombstone them in the stream

CORL-236

* Fix improper templating for account deletion completed emails

Sub organization name in where previously we were using the account username.

CORL-236

* Disable user drawer and display deleted flag on users in community

CORL-236

* Check for author before passing inReplyTo in ModerateCardContainer

Sometimes null when user is deleted.

CORL-236

* Tombstone moderate cards when the underlying comment is deleted

CORL-236

* Re-add deleted field to CommentContainer fragment

CORL-236

* Disable commenting or replying when user is scheduled for deletion

CORL-236

* Add snapshot tests around deletion states for comment cards and forms

CORL-236

* Add tests around the account deletion steps

CORL-236

* Set account deletion to run every 30 minutes

CORL-236

* Rename DELETION authorization to PENDING_DELETION

CORL-236

* Change log message for when account deletion tasks finds no more users to delete

CORL-236

* Update snapshots to handle proper deleted flag for scheduled deleting users

CORL-236

* Fix import ordering on various files to match coding standards

CORL-236

* Specify tenantID when querying for user during deletion

CORL-236

* Add back missing clientMutationId on cancelAccountDeletion mutation

CORL-236

* Use $unset to clear the scheduledDeletionDate

CORL-236

* Simplify create of scheduledAccountDeletion CRON function

CORL-236

* Rename and organize scheduledTask creation logic

- Rename startCronJobs to startScheduledTasks
- Return an object of named ScheduledTask items instead of an array of tasks

CORL-236

* Add comment about returning updated user when clearing scheduledDeletionDate

CORL-236

* Remove unnecessary array around tenant.locale in dateTime formatter

CORL-236

* Remove unnecessary non-null enforcement on tenant.id

CORL-236

* Remove string templated React element content

CORL-236

* Move english translated validation error to correct language file

CORL-236

* Simplify rendering of DeletionRequestCallout when deletionDate isn't available

CORL-236

* Use ternary expression instead of multiple {bool && (...)} checks

CORL-236

* Use classes object with line child style to style the step bar

CORL-236

* Update StepBar so that children of Step nodes can be undefined

Allows us to not have to insert empty placeholder strings/elements when
we want to have an empty step node.

CORL-236

* Remove use of luxon from account deletion request callouts for now

We need to decide if the extra 15KB from luxon is worth it in our bundles
before making this change.

CORL-236

* Remove unnecessary embed/deleteAccount endpoint

CORL-236

* Move DeleteAccountModal contents into a separate component

Cleans up the state management when user closes the modal and we
need the modal steps to restart.

CORL-236

* Remove localization around delete account button icon

CORL-236

* Use inline `collection(mongo)` in clearing and setting deletion date

CORL-236

* Simplify form state validation on account deletion confirm page

CORL-236

* Add todo to iterate over tenants in account deletion

CORL-236

* Remove punctuation and add context to logger messages during account deletion

CORL-236

* Break out mongo collection initialization into a shared object

Also adds a try catch error handling around the scheduled deletion
operations. Prevents errors from taking the server down.

CORL-236

* Add TODO to extract out a common formatter for date times

CORL-236

* Update translations for account deletion details

CORL-236

* Update translations for account deletion completion page

CORL-236

* During scheduled deletion, when locking deletion date, return modified user

CORL-236

* Remove un-necessary fragment container around deletion steps component

CORL-236

* Move preventSubmit outside of render function on ConfirmPage

CORL-236

* Convert collections into object of Mongo db collection initializers

Allows us to only initialize the collections we need with our
Mongo instance.

CORL-236

* Remove un-necessary lambda wrapping around collections initializer functions

CORL-236
2019-09-03 16:38:43 -06:00
2019-08-12 14:55:29 -04:00
2019-04-15 19:46:55 +02:00
2018-06-21 10:44:36 -06:00
2019-03-12 15:12:21 +01:00
2018-07-06 13:08:10 -06:00
2019-05-22 21:32:24 +02:00
2019-08-12 14:55:29 -04:00
2019-08-12 14:55:29 -04:00
2019-06-14 16:27:25 +00:00
2019-03-15 13:15:31 -06:00
2019-05-09 22:54:56 +02:00

Coral CircleCI

Online comments are broken. Our open-source commenting platform, Coral, rethinks how moderation, comment display, and conversation function, creating the opportunity for safer, smarter discussions around your work. Read more about Coral here.

Built with <3 by The Coral Project, a part of Vox Media.

Preview Coral easily by running Coral via a Heroku App:

Deploy

Table of Contents

Requirements

  • MongoDB >=3.6
  • Redis >=3.2
  • NodeJS >=10
  • NPM >=6.7

Running

You can install Coral using Docker or via Source. We recommend Docker, as it provides the easiest deployment solution going forward, as all the dependencies are baked and shipped with the provided coralproject/talk:next image. When v5 releases to master, you'll be able to select it using coralproject/talk:5.

Docker

The easiest way to get started with Coral is through our published Docker image and provided example docker-compose.yml file. The following assumes that you have Docker and Docker Compose installed on your local machine:

# Create directories to persist the data in MongoDB and Redis.
mkdir -p data/{mongo,redis}

# Create the `docker-compose.yml` file to get started.
cat > docker-compose.yml <<EOF
version: "2"
services:
  talk:
    image: coralproject/talk:next
    restart: always
    ports:
      - "127.0.0.1:3000:5000"
    depends_on:
      - mongo
      - redis
    environment:
      - MONGODB_URI=mongodb://mongo:27017/coral
      - REDIS_URI=redis://redis:6379
      - SIGNING_SECRET=<replace me with something secret>
  mongo:
    image: mongo:3.6
    volumes:
      - ./data/mongo:/data/db
  redis:
    image: redis:3.2
    volumes:
      - ./data/redis:/data
EOF

# Start up Coral using Docker.
docker-compose up -d

Then head on over to http://localhost:3000 to install Coral!

Source

Coral requires NodeJS >=10, we recommend using nvm to help manage node versions: https://github.com/creationix/nvm.

# Clone and cd into the Coral directory.
git clone https://github.com/coralproject/talk.git
cd talk

# Install dependencies.
npm install

# Build the application dependencies.
# This might take a while.
npm run build

This should output all the compiled application code to ./dist.

Running Coral with default settings assumes that you have:

  • MongoDB >=3.6 running on 127.0.0.1:27017
  • Redis >=3.2 running on 127.0.0.1:6379

If you don't already have these databases running, you can execute the following assuming you have Docker installed on your local machine:

docker run -d -p 27017:27017 --restart always --name mongo mongo:3.6
docker run -d -p 6379:6379 --restart always --name redis redis:3.2

Then start Coral with:

# Start the server in production mode.
npm run start

Then head on over to http://localhost:3000 to install Coral!

Embed On Your Site

With Coral setup and running locally you can test embeding the comment stream with this sample embed script:

<div id="coral_thread"></div>
<script type="text/javascript">
(function() {
    var talk = document.createElement('script'); talk.type = 'text/javascript'; talk.async = true;
    var url = '{{ CORAL_DOMAIN_NAME }}';
    talk.src = '//' + url + '/assets/js/embed.js';
    talk.onload = function() {
        Coral.createStreamEmbed({
            id: "coral_thread",
            autoRender: true,
            rootURL: '//' + url,
        });
    };
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(talk);
})();
</script>

NOTE: Replace the value of {{ CORAL_DOMAIN_NAME }} with the location of your running instance of Coral.

Single Sign On

In order to allow seamless connection to an existing authentication system, Coral utilizes the industry standard JWT Token to connect. To learn more about how to create a JWT token, see this introduction.

  1. Visit: https://{{ CORAL_DOMAIN_NAME }}/admin/configure/auth
  2. Scroll to the Login with Single Sign On section
  3. Enable the Single Sign On Authentication Integration
  4. Enable Allow Registration
  5. Copy the string in the Key box
  6. Click Save

NOTE: Replace the value of {{ CORAL_DOMAIN_NAME }} with the location of your running instance of Coral.

You will then have to generate a JWT with the following claims:

  • jti (optional) - A unique ID for this particular JWT token. We recommend using a UUID for this value. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself.
  • exp (optional) - When the given SSO token should expire. This is specified as a unix time stamp in seconds. Once the token has expired, a new token should be generated and passed into Coral. Without this parameter, the logout functionality inside the embed stream will not work and you will need to call logout on the embed itself.
  • iat (optional) - When the given SSO token was issued. This is required to utilize the automatic user detail update system. If this time is newer than the time we received the last update, the contents of the token will be used to update the user.
  • user.id (required) - the ID of the user from your authentication system. This is required to connect the user in your system to allow a seamless connection to Coral.
  • user.email (required) - the email address of the user from your authentication system. This is required to facilitate notification email's about status changes on a user account such as bans or suspensions.
  • user.username (required) - the username that should be used when being presented inside Coral to moderators and other users.
  • user.badges (optional) - array of strings to be displayed as badges beside username inside Coral, visible to other users and moderators. For example, to indicate a user's subscription status.
  • user.role (optional) - one of "COMMENTER", "STAFF", "MODERATOR", "ADMIN". Will create/update Coral user with this role.

An example of the claims for this token would be:

{
  "jti": "151c19fc-ad15-4f80-a49c-09f137789fbb",
  "exp": 1572172094,
  "iat": 1562172094,
  "user": {
    "id": "628bdc61-6616-4add-bfec-dd79156715d4",
    "email": "bob@example.com",
    "username": "bob"
  }
}

With the claims provided, you can sign them with the Key obtained from the Coral administration panel in the previous steps with a HS256 algorithm. This token can be provided in the above mentioned embed code by adding it to the createStreamEmbed function:

Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
  accessToken: "{{ SSO_TOKEN }}",
});

Or by calling the login/logout method on the embed object:

var embed = Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
});

// Login the current embed with the generated SSO token.
embed.login("{{ SSO_TOKEN }}");

// Logout the user.
embed.logout();

SSO Login Prompts

In order to handle login prompts (e.g. a user clicks on the sign in button) you can listen to the loginPrompt event.

var embed = Coral.createStreamEmbed({
  // Don't forget to include the parameters from the
  // "Embed On Your Site" section.
  events: function(events) {
    events.on("loginPrompt", function() {
      // Redirect user to a login page.
      location.href = "http://example.com/login";
    });
  },
});

Development

Running Coral for development is very similar to installing Coral via Source as described above.

Coral requires NodeJS >=10, we recommend using nvm to help manage node versions: https://github.com/creationix/nvm.

# Clone and cd into the Coral directory.
git clone https://github.com/coralproject/talk.git
cd talk

# Install dependencies.
npm install

Running Coral with default settings assumes that you have:

  • MongoDB >=3.6 running on 127.0.0.1:27017
  • Redis >=3.2 running on 127.0.0.1:6379

If you don't already have these databases running, you can execute the following assuming you have Docker installed on your local machine:

docker run -d -p 27017:27017 --restart always --name mongo mongo:3.6
docker run -d -p 6379:6379 --restart always --name redis redis:3.2

We recommend installing watchman for better watch performance.

# On macOS, you can run the following with Homebrew.
brew update
brew install watchman

Then start Coral with:

# Run the server in development mode in order to facilitate auto-restarting and
# rebuilding when file changes are detected. This might take a while to fully run.
npm run watch

When the client code has been built, navigate to http://localhost:8080/install to start the installation wizard. Note: Ensure localhost:8080 is used in the permitted domains list.

To see the comment stream goto http://localhost:8080/.

To run linting and tests use the following commands:

# Run the linters.
npm run lint

# Run our unit and integration tests.
npm run test

Email

To test out the email sending functionality, you can run inbucket which provides a test SMTP server that can visualize emails in the browser:

docker run -d --name inbucket --restart always -p 2500:2500 -p 9000:9000 inbucket/inbucket

You can then configure the email server on Coral by setting the email settings in Configure -> Email in the admin:

Field Value
From Address community@test.com
Secure No
Host localhost
Port 2500
Authentication No

Navigate to http://localhost:9000, click the "Monitor" tab. New emails received on this screen.

Design Language System (UI Components)

We use docz to document and develop our Design Language System. To start docz run:

# Make sure CSS types are generated.
# This is not required when `npm run watch` is already running.
npm run generate:css-types

# Run docz in development.
npm run docz -- dev

After compilation has finished you can access docz at http://localhost:3030/.

Configuration

The following environment variables can be set to configure the Coral Server. You can expose them in your shell via export NODE_ENV=development or by placing the variables in a .env file in the root of the project in a simple NODE_ENV=development format delimited by newlines.

  • NODE_ENV - Can be one of production or development. All production deployments should use production. Defaults to production when ran with npm run start and development when run with npm run start:development.
  • PORT - The port to listen for HTTP and Websocket requests. (Default 3000)
  • MONGODB_URI - The MongoDB database URI to connect to. (Default mongodb://127.0.0.1:27017/coral)
  • REDIS_URI - The Redis database URI to connect to. (Default redis://127.0.0.1:6379)
  • REDIS_OPTIONS - A JSON string with optional configuration options to be used when connecting to Redis as specified in the ioredis documentation. (Default: {})
  • SIGNING_SECRET - The shared secret to use to sign JSON Web Tokens (JWT) with the selected signing algorithm. 🚨 Don't forget to set this variable! 🚨 (Default: keyboard cat)
  • SIGNING_ALGORITHM - The signing algorithm to use for signing JWT's. (Default HS256).
  • LOGGING_LEVEL - The logging level that can be set to one of fatal, error, warn, info, debug, or trace. (Default info)
  • STATIC_URI - The URI that static assets can be accessed from. This URI can be to a proxy that uses this Coral server on PORT as the upstream. Disabled by default.
  • DISABLE_TENANT_CACHING - When true, all tenants will be loaded from the database when needed rather than keeping a in-memory copy in sync via published events on Redis. (Default false)
  • DISABLE_MONGODB_AUTOINDEXING - When true, Coral will not perform indexing operations when it starts up. This can be desired when you've already installed Coral on the target MongoDB, but want to improve start performance. You should not use this parameter unless you know what you're doing! Upgrades may introduce additional indexes that the application relies on. (Default false)
  • LOCALE - Specify the default locale to use for all requests without a locale specified. (Default en-US)
  • ENABLE_GRAPHIQL - When true, it will enable the /graphiql even in production, use with care. (Default false)
  • CONCURRENCY - The number of worker nodes to spawn to handle web traffic, this should be tied to the number of CPU's available. (Default os.cpus().length)
  • DEV_PORT - The port where the Webpack Development server is running on. (Default 8080)
  • METRICS_USERNAME - The username for Basic Authentication at the /metrics and /cluster_metrics endpoint.
  • METRICS_PASSWORD - The password for Basic Authentication at the /metrics and /cluster_metrics endpoint.
  • CLUSTER_METRICS_PORT - If CONCURRENCY is more than 1, the metrics are provided at this port under /cluster_metrics. (Default 3001)
  • DISABLE_LIVE_UPDATES - When true, disables subscriptions for the comment stream for all stories across all tenants (Default false)
  • WEBSOCKET_KEEP_ALIVE_TIMEOUT - A duration in a parsable format (e.g. 30 seconds , 1 minute) that should be used to send keep alive messages through the websocket to keep the socket alive (Default 30 seconds)
  • TRUST_PROXY - When provided, it configures the "trust proxy" settings for Express (See https://expressjs.com/en/guide/behind-proxies.html)

License

Coral is released under the Apache License, v2.0.

S
Description
A better commenting experience from Vox Media
Readme
39 MiB
Languages
TypeScript 82.5%
Fluent 9.2%
CSS 5%
FreeMarker 1.6%
JavaScript 0.9%
Other 0.7%