Various discussions about membership system

You can see here:

Lines 123 to 175 have numerous checks in the code for:

  1. Line 123 = Address not provided at all
  2. Line 135 = Address is too short (<= 2 lines), it needs to be formatted as multiple lines rather than comma separated.
  3. Line 154 = Postcode format is invalid, you can check the postcode checker here: https://regexr.com/4on0o

This was written 2 years ago, so the postcode format may have changed. Part of the issue is that the specific error is not shown in the web interface, but only in an error log. This means people get an invalid address error, rather than one that says what is wrong with the address, i.e. which check failed.

I can fix this quite easily if the directors wanted. It seems to me like it has been 2 years since this system was updated and work is needed to address common issues.

1 Like
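
Added example, not part of the thread and not the membership system's own code: one way to run the three checks listed in the post above so that the failing check is returned to the web interface as well as written to the error log. The function names, the reason codes, the simplified postcode pattern (not the one behind the regexr link) and the "postcode is the last line" rule are all assumptions.

```javascript
// Illustrative sketch only; names and pattern are assumptions, not project code.
// Simplified UK postcode shape, NOT the pattern behind the regexr link in the post.
const POSTCODE_RE = /^[A-Z]{1,2}[0-9][A-Z0-9]? ?[0-9][A-Z]{2}$/i;

// Hypothetical reason codes, one per check listed in the post.
const REASONS = {
  MISSING: 'Address not provided',
  TOO_SHORT: 'Address must be entered on more than two lines, not comma separated',
  BAD_POSTCODE: 'Postcode format is invalid',
};

function fail(code) {
  // Fixed messages only: the submitted address is never echoed back to the page.
  return { ok: false, code, message: REASONS[code] };
}

function validateAddress(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') return fail('MISSING');

  // Count non-empty lines; a comma separated single line fails this check.
  const lines = raw.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  if (lines.length <= 2) return fail('TOO_SHORT');

  // Assumption: the postcode is the last non-empty line.
  if (!POSTCODE_RE.test(lines[lines.length - 1])) return fail('BAD_POSTCODE');

  return { ok: true, code: null, message: null };
}

// Log the reason code (not the address itself) and hand the same result
// to the caller so the form can show which check failed.
function checkAndLog(raw, log = console.error) {
  const result = validateAddress(raw);
  if (!result.ok) log(`address validation failed: ${result.code}`);
  return result;
}
```
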

I sat down to work through this last week, but quickly got bogged down in the number of pull requests that need review. Also, not entirely sure what the logical order to apply these pulls is.

Looking into the PRs, it looks to be safe to merge
#366, #363, #363, #361, #355

But obviously it will require a quick regression test to make sure any of those don’t break any existing code, especially for the vulnerability

Questionably #355, #354, #321 and #319 have been raised for over a year so unless proper collaboration and review can be done I will ditch them unless they resolve particular issues

Just a thought, don’t attack me as I’m just trying to help here. If I’m wrong, my apologies and I hope you’ll forgive me.

2 Likes

That worked for some reason, thanks so much!

Although I agree they do solve specific issues.

@peter_hellyer I’ll try to look at it over the weekend and pull it all into one PR you can more easily apply.

1 Like

That would be most excellent.

The last update of the membership system was around April 2018. I’ve tagged the live version as 2.7.0 and then there are two updates since then.

Changes in order are:

  • Better logging
    This was recommended by @systems
  • Better communication that membership is closed due to capping
    This was based off clear confusion that appears to be ongoing to this day about the membership being closed.
  • Prevent duplicate linking to Discourse
    This was to prevent conflict during sync.
  • Improve API security by adding read and write permissions for API keys
    This was to allow more open sharing of API keys for projects like door status without having to trust the member with full access.
  • Add a special page to help users check if they are a member or not.
    This was intended to answer common questions on the forum.
  • Various major security updates for the last 2+ years since it was updated.

So you should merge this first:

Then this:

1 Like

I’ve noticed that the update of Mongoose is resulting in a lot of deprecation messages; I am trying to figure out a way around these.

You can also merge this:

Cool, let me know when you’re ok with all the pulls, and I’ll finish up.

When I pull to the server, what do I explicitly need to back up?

Will do, I’d suggest you do the update in the space so you can easily check the shutter, door, and kiosk work.

  1. You need to shut down everything, I think it’s using forever but it might be pm2.
  2. Mongo dump
  3. Back up the entire folder just in case we need a quick rollback.
  4. Git pull
  5. Reboot or spin the servers up.

EDIT:

Also, you’ll need to update to Node.js v10, so it would be worth investigating how we installed it in the past using the history command.

Ah, I might need to get someone else to collude, as I now live in Staffordshire…

You could arrange for a member to be on site and available by phone during the update? The most they’d need to do is reboot the Raspberry Pi that interfaces between the doorbot and the membership system (control-node), which is easily done.

@directors @naxxfish is asking if you want the GDPR user export feature and such completed?