sandstorm-io/sandstorm

Install script should lowercase all domain names

Open

#3641 opened on Jul 13, 2022

View on GitHub
 (3 comments) (0 reactions) (0 assignees)JavaScript (6,583 stars) (737 forks)batch import
buggood first issueinstall-configself-hosting

Description

A new user submitted the following error to the mailing list today when trying to set up Google login on a new Sandcats install:

{"line":"405","file":"oauth_server.js","message":"Error in OAuth Server: redirectUrl (https://example.sandcats.io/setup/user) is not on the same host as the app (https://EXample.sandcats.io/)","time":{"$date":1657666882313},"level":"warn"} Exception while invoking method 'login' Error: Failed to complete OAuth handshake with Google. failed [400] { "error": "redirect_uri_mismatch", "error_description": "Bad Request" } at getTokens (packages/google-oauth/google_server.js:105:7) at Object.getServiceData [as handleOauthRequest] (packages/google-oauth/google_server.js:80:58) at OAuth._requestHandlers.<computed> (packages/oauth2/oauth2_server.js:10:33) at middleware (packages/oauth/oauth_server.js:170:5) at /programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40

The user had registered EXample as his subdomain instead of example, and Google OAuth failed to match that. Attempting to use capital letters with Google OAuth in any way seemed to throw it off. The user ended up reinstalling with the lowercase version of his subdomain.

Note that I do not know if Sandcats deduplicates capitalized and lowercase subdomains in registrations, so I am unsure if the user had to recover the subdomain or if it allowed re-registration, or if it kept the existing keys during the uninstall and reinstall process.

But I think we should adjust the install script to lowercase all domain names and Sandcats subdomains automatically.

Contributor guide

Tech stack
shelljavascript
Domain
backend
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
under 1 hour
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
bash scriptingbasic understanding of domain names
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
85
Research direction
The issue requires modifying the install script to lowercase domain names before registration. The script is likely a shell script (e.g., install.sh). Add a line to convert the user provided domain to lowercase using ${domain,,} or tr '[:upper:]' '[:lower:]'. Additionally, check if the backend JavaScript code that handles OAuth or domain validation needs to be adjusted to accept case insensitive domains. The main fix is in the shell script. See the issue comments for more context.