Flagrow guardian an additional security layer

luceos

cbmainz disable and enable the extension. The translations are available, but only get published when enabling the extension. A bit stupid yes.

cbmainz

luceos ah, yes of cause, actually I knew this already but forgot this in this special moment.

But still some strings are in english and some in german. This was not like this in 0.1.1.

luceos

cbmainz that's because the time strings are from the flarum installation (and have been translated), my packages only supports en, because there are not other translations yet.

luceos

So this extension is now usable for listing users, make sure you upgrade to 0.1.3-beta.3 or higher and re-enable the extension.

matpompili

RayZorYubo The autoloading is not working. Try to remove the extension with

composer remove hyn/flarum-guardian

Then run an update

composer update

And then reinstall

composer require hyn/flarum-guardian

RayZorYubo

matpompili https://gyazo.com/bd87b4526565259ca1e1060b53740838
:/

UPDATE: Working! Thanks 🙂

luceos

RayZorYubo if your issues continue, please post a new thread under support. Your installation procedure is wrong, we will need more background information in order to solve it permanently.

Thank, I cleaned up the thread.

Averell

Hello, last week I manage to install this extension using the the third way described below and it worked fine, thanks. But I deleted all and reinstalled from scratch, and this time I failed to install this extension (French and SMTP installed OK)

composer  require  hyn/guardian

  [InvalidArgumentException]
  Could not find package hyn/guardian at any version for your minimum-stability (beta). 
Check the package spelling or your minimum-stability

Drop the extension in the extensions directory
Open the extension admin, the extension is present
Activate
Now Flarum gives me a blank page, with no error message
If I delete the extension (or at least the bootstrap.php file), Flarum works again.
Copy again the extention --> blank page.

Any idea of what is wrong ?

luceos

composer require hyn/flarum-guardian

You're missing flarum- in the package name.

Averell

Thanks @luceos and sorry for this silly mistake.
But I still have a question : The window opened by the "Add Extension" button says :

In the meantime, if you manage to get your hands on a new extension, simply drop it in your forum's extensions directory.

Why was this impossible (explained in my previous message) ? This is not particular to hyn/guardian, I tried also with vingle-configure-smtp and the reaction was the same. The french translation installed well by this way.

luceos

Averell that's old it should be removed.

Dominion

Slightly off-topic FYI:

Averell But I still have a question : The window opened by the "Add Extension" button says :

In the meantime, if you manage to get your hands on a new extension, simply drop it in your forum's extensions directory.

The Add Extension modal is a temporary placeholder, so we haven't given much attention to the information in it. We didn't even bother to extract those strings for translation! As a result, what you're seeing there is old information (as luceos said) that predates the adoption of Composer.

Since that's likely to cause confusion going forward, I've PRed a couple of changes to bring this modal up to date.

Averell

Hello, @luceos I have a problem with the "Active" column : Works fine on my test installation on my computer. On a copy on a website, all users are shown active. The database is OK.
Nothing meaningful in the console.
Can you tell me how to debug that ?

Funny : The "last time" for my present connection indicates " In a few minutes".

Also : One user is indicated "never" for "last online", but I used this login 20 minutes ago and the database is OK.

luceos

Averell there are quite some bugs in the current release. I'm working on the next one, but as that one holds way more features a new release cannot be expected any time soon. I hope to improve this by moving Guardian to Flagrow, so both I, @matpompili and possible future maintainers can guarantee it's getting the attention it deserves.

luceos

Guardian is now part of the Flagrow group.

luceos

Latest dev-master is now showing all user ip's on each post, it needs a custom permission before I'll tag a new version. A little progress update so you know this is not a stale extension 😉

Thanks @matpompili for your expert frontend knowledge!

Toby

luceos Latest dev-master is now showing all user ip's on each post, it needs a custom permission before I'll tag a new version.

This is also planned for core, btw. See https://github.com/flarum/core/issues/657. Feel free to send a PR!

Dominion

Toby Feel free to send a PR!

As I mentioned over here, there seems to be some vagueness about the purpose of the Guardian extension. One would suppose from the name that it is intended as a security add-on, but much of its stated functionality seems to fit better in the user management category.

I'm guessing that it's been focussing so much on the user management functionality because it needed someplace to display the security-related information. But wouldn't some of that infrastructure be better in the core? I think this would be a good time to assess what needs to go where, so that this functionality makes sense from the perspective of overall usability.

For example: the user list provided by Guardian is probably the best place to add in the "create new user" admin functionality being discussed in the thread I've linked above. But ... we've also had repeated feature requests for a user list that's visible to other users. That's a common feature for forums to have, and one that Flarum still lacks. Should such a user list be provided by a separate extension other than Guardian? If so, how do we rationalize the duplication of functionality this would represent?

If I were designing this, I'd probably take the user list functionality out of Guardian and put it in the core, accessible at a URL such as example.com/u/ (which currently returns a 404). Whether this user list is accessible by non-admin non-mod members would be controlled by a permission setting.

I would also add the user controls that are currently displayed on the user profile page to the user list page as well (with appropriate permissions, of course). And I'd add a "create new user" button at the top of that page (again, with appropriate permissions). That would be a reasonable thing to have in the core, I think; the ability to create users is akin to the ability to edit users, which is already in the core.

luceos

Interesting discussion, would have loved to have seen this outside this thread with a backreference here. Would therefore also have loved the Split extension ready by now 😉

Let's be clear about a few things here:

None of my packages (nor those of Flagrow) ever have the ambition to and never will duplicate core code.
All of the packages I contribute to were born out of a specific need.
The purpose of Guardian is to provide a toolset for mods to identify users with bad intent at first and perhaps add more of such functionality later. Without a user list to hook into, I needed that to happen first.
I would never have added this to Guardian if I would have written that page flawlessly in my first attempt, it would have become a PR. This also goes for showing IP's. Writing extensions like these are my journey to mastering all aspects of the Flarum stack; where I still lack seriously on the frontend side (jsx, mithril etc). You don't want to know how long it took to create that simple user listing and it doesn't even have a search yet lol!
Although I do contribute to core in a subtle manner for now, my personal goal is not to contribute there yet. Core development is progressing at a stable pace as is. My concerns as a community manager are with third party extension development, in order to help those devs I must have a basic grasp of those skills. Flagrow and the gitter flarum/developers channel are both meant as incubators/stimulus for valuable extension developers and .. we'll never know what role they may assume in the future.
In my opinion the goal and the behavior of an extension should be completely up to the package developer (as long as it doesn't breach any ethical barriers). The core team should not "rationalize" on code duplication whatsoever, it can however - as Toby kindly suggested - request PR's to happen.

TL;DR, Guardian will never duplicate core code, a PR for a user list and showing the IP to admins will happen soon, either by me or by someone else.

Dominion

Kulga By having user management functions be a extension, people can choose the better one for them. Since the vital information (ip addresses, time of posting, users in database) is there, any extension can access the same data and manage it differently.

Granted. I was talking about putting it in core mainly because Toby had mentioned the (only vaguely related) idea of adding the feature that will display IP numbers on posts to the core. I agree that such user management functions could just as easily (and perhaps more conveniently) go in a bundled extension.

I'm not a programmer, so I'm really not qualified to say which would be the better choice in this case.

luceos None of my packages (nor those of Flagrow) ever have the ambition to and never will duplicate core code.

Don't worry, no one's accusing anyone of anything here. 😉

It was pretty clear that Guardian was originally intended mainly to address a specific need for this forum: you wanted to expose the IP functionality to the admin interface, and to do that, you needed someplace to put them. Adding a user list was the obvious way to do that.

All I'm saying is that, in view of the fact that Toby plans to add a user list at some point, there is a question of approach to be considered here. Should the administrator's user list be separate from the one that will ultimately appear in the user interface? Or can the same code (be it in the core or an extension) be used for both, as I have tried to suggest?

If the latter is possible, then it might be a good idea to plan ... or at least think about ... the future development of Guardian (and other extensions or features, such as the user creation feature proposed by @christophermancini) in the context of that possibility.

Kulga

Dominion The other half to viewing registered members is the ability to do something about it

If I may speculate - many of the extensions have been extraordinarily specific. This makes sense as it's kind of a proof of concept. I can do this extra thing in flarum with a plugin.
Eventually you have a bunch of extensions that effectively do one thing each.
The next step is combining certain extensions to provide a more abstract goal.
For example, instead of flags, suspend, lock, and sticky plugins you have the Moderator Plugin. The same could go for Github, Facebook, Twitter plugins, the Oath login (or whatever). BBcode and Markdown could combine.
User management could comprise user listing, banning, grouping, invites. Each of which will probably have some variation of its own extension until they can be combined.
Each one of those would have options to configure or disable each component while doing its abstract goal very well.
A good example would be the image upload extension that permits both imgur and local upload.

Prior to refinement and grouping of specific functions, each function needs to be developed.
I don't think basic core would needs user management functions. Especially with this part

Dominion Should such a user list be provided by a separate extension other than Guardian? If so, how do we rationalize the duplication of functionality this would represent?

Because different people think about problems differently. Guardian may become the best user management plugin out there. Or someone may make a better one. By having user management functions be a extension, people can choose the better one for them. Since the vital information (ip addresses, time of posting, users in database) is there, any extension can access the same data and manage it differently.

« Previous Page Next Page »