Allow anonymous use of the chat #5647
Conversation
snaiperskaya96
force-pushed
the
allow-anonymous-access
branch
5 times, most recently
from
cc5945d to
34d7f33
Compare
|
I have tested the functionality provided by this patch and, in my opinion, it meets the requirements of #604.
As reported in #604, I wasn't able to directly visit a public channel when attempting to go in as a guest when using a direct URL. eg Going to http://localhost:3000/channel/general took me to the login page. We may want some UI changes such as grouping all guests in the channel user list. And an addition of a more prominent notification that tells users that they are logged in as a read-only guest, and provides a link to register. I'll continue to test this. Thanks! :) |
|
@snaiperskaya96 thats awesome what you build here.. maybe keep an eye on mobile, whats happening there if i access this with the cordova app? Could there some side effects regarding to this PR? |
|
@TheReal1604 Thanks! Honestly i did not test on mobile, though I haven't used any external dependencies or invented any new mechanism so I cannot think of any trouble. Would be great if anyone could test and confirm 😄 |
|
Can this be limited to a subset of channels/private channels? |
|
@maxdwit Guest/Anonymous users automatically join default channels, so you can create a room, set it as default and automagically guests will be able to read them. |
|
Hey! So I've tried to test it against a copy of our demo server and this would not work on the demo, because we already have several |
|
Something like this, maybe? |
|
Also, can you please change your new .coffee files to .js, please, according to our Guidelines? |
|
Sure, will work on it now and hopefully commit in an hour or less |
|
I just realized that |
|
Also, Those buttons should be removed as well :) |
|
Sorry for being picky, I am just trying to cover all edges :) When Automatically login user as guest is set to true, I think we should display a message that tells the user it is being automatically logged in and tell them to wait a bit. |
|
Also, there's no way to login or register a guest user after it's logged in... and there's no logout button either. |
|
No worries!
Well I use the guestId field more than the username, I can change it in anonymous-#
Not sure you would really need to register a guest account, you can just go to the login page and register with your nickname. Also the Login button acts like Logout. It's a matter of context. Using "Logout" instead of "Login" makes the user feel more like already logged in while you are supposed to be a non-logged in guest. But again, I could just change the "Login" button to "Logout" |
|
Hey, sorry... I didn't see the Login button because it was hidden by another bug (our fault, no worries):
The search bar hides it. |
|
And yes, I think you should probably use |
|
Should be good to go now 😃
I haven't done this one because the login is quite fast and the user wouldn't be able to read it and also i have no idea about where to put it 😜 . Do you think it's really necessary? |
snaiperskaya96
force-pushed
the
allow-anonymous-access
branch
from
f28b3ee to
76c23b3
Compare
server/methods/getGuestAccount.js
Outdated
| guestId = lastGuest.guestId + 1; | ||
| } | ||
| let username = 'anonymous-' + guestId; | ||
| while (RocketChat.models.Users.findOne({ username: username })) { |
There was a problem hiding this comment.
I am not a fan of this. I feel like the logic should something like "count how many anonymous- users there are and add one, then check if that one exists and add up from there". That way we aren't starting from anonymous-1 each and every time, but starts from the amount of users + 1.
| @@ -0,0 +1,14 @@ | |||
| Meteor.startup(() => { | |||
| let query = { | |||
There was a problem hiding this comment.
The query isn't being assigned a value, so I think this should be const instead of let.
server/methods/getGuestAccount.js
Outdated
| username = 'anonymous-' + guestId; | ||
| } | ||
|
|
||
| let userId = Accounts.createUser({ |
There was a problem hiding this comment.
const instead of let as well.
snaiperskaya96
force-pushed
the
allow-anonymous-access
branch
2 times, most recently
from
c860be5 to
b2e7f39
Compare
|
Not sure about this last travis failure, false positive? Edit: Not really, trying to sort it out |
|
Any news here? |
|
Hi, i would like to see "guest" login with the ability to post messages. Also, as someone already mentioned, i think having the ability to keep some user info (even just an IP address) about anonymous users for at least a certain amount of time, is very important. (of course, keeping in mind the use of memory and cpu resources). We run a very popular public chat website now that the current software records the guests IPs in a log and we set up a cron job to delete them at certain intervals. We have worked with law enforcement on numerous occasions to help identify "anonymous" users doing bad things that way. Any new updates on this? |
|
I am sorry, looks like the Rocket.Chat team just started ignoring this PR
… On Apr 19, 2017, at 2:48 PM, WebSavvyGuy ***@***.***> wrote:
Hi, i would like to see "guest" login with the ability to post messages. Also, as someone already mentioned, i think having the ability to keep some user info (even just an IP address) about anonymous users for at least a certain amount of time, is very important. (of course, keeping in mind the use of memory and cpu resources). We run a very popular public chat website now that the current software records the guests IPs in a log and we set up a cron job to delete them at certain intervals. We have worked with law enforcement on numerous occasions to help identify "anonymous" users doing bad things that way. Any new updates on this?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#5647 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFCOMbmYHnO_JrsS7dFUrVySbqzr9lM_ks5rxhChgaJpZM4Lm359>.
|
|
So this was supposed to be accepted into the release on mar 3, but now it looks like it got punted to the milestone 68.. https://github.com/RocketChat/Rocket.Chat/milestone/68 - by https://github.com/engelgabriel 6 days ago. This thing still has a 'changes requested - and that is listed as "need to prevent user creation" - but we discussed that - why it's needed - and someone else offered code to make that optional right? now considering if this project should just be forked - or if we should of been spending time working with matrix / https://vector.im/ / riot.im instead - I see development is busy with other issues - and I respect that - but lack of explanation and punting this without notice - this is worse than what the wordpress devs do, and sadly a very bad sign for this project as a whole. @rodrigok I've heard that elixr is better at handling high load chat type things, and that we should consider moving in that direction instead of thinking about meteor based things - however the splashy front for rocket chat made it look like it was more mature than it is it seems. The issues with rocket chat make things look bleak for meteor's future imho. |
|
I also feel @djsteveb frustration. As for user creation i do believe this should be optional for the Admins to enable and disable. I only need partial user info such as an IP address in the logs and wouldn't mind to see no user creation at all due to the extra resources used. Would love to see this feature enabled. I think it should be a very high priority feature. |
|
@WebSavvyGuy - I think some clarification may be needed especially within this thread - as I had assumed that people wanted users that could interact - and it seems that many or some were thinking of letting someone just access and view the chat - not actually type anything - which to me it completely different - if someone was just going to enter and watch - then you may just need a log of username chosen, ip addy, rooms entered - whatever.. but I was wanting a user role for guests that admins could choose to allow them to type in main lobby, but not in upper room #2, and not send pms.. then user level registered could do other things, and user level 3 could do more.. - we need extra info for trolls with users - special attention to unicode characters - and the ability to give them roles / restrictions as to what guest users can do.. I want them to be able to type - but with limitations.. frankly - adding a system that just allows someone to enter the chat as a guest and not type - you could just pipe the chat to an html page and let people see that without them having to login to the system and no need to create a user - but I understand others may see things differently - so yes, options all around would be best.. but I think that gets into the other code blocks - how roles work, how they are set controlled... but I have not tested any of that yet. |
|
@djsteveb Yes, i understood what you wanted. I want almost the same thing. You see, i don't think it is necessary to get all the info (or any for that matter) for a user if they are just "watching" as they wouldn't be able to do anything (spam, troll, etc). Like you, I do want guests to be able to chat also. But i think where we differ is I dont want as much information as you. To be honest i am just looking for username chosen, ip address, and time and date. I value the load of the server very much. One of our chat rooms can have up to 2000 users chatting concurrently so this is very important to me. Thats just one chat room, if i put everything on one server, were talking many more. (I do realize all on one server is not going to cut it). So, thats why i think they don't really want to make the guest as a normal user, to cut down on system resources. I could be wrong here but that's what i read and understood here. Either way, guest user is very very important and i would like one where they delete that guest after a certain interval or even when they log out (but still leave some info such an Ip address) |
|
Sorry guys, we forgot this PR, we loosed it in our huge list of PRs 😞 we are trying hard to keep improve the code to add more tests, we think it is very important to keep the code without bugs when we merge new features like this one. We are working to get more people involved on the project to improve the issue triage, pr reviews, etc... I can understand your frustration, I'll back to work on this implementation tomorrow to ensure this feature in the next release. I'll fix the conflicts of the PR #5986, merge it and my plan is to start a new PR with a more simple solution for the write problem:
Any addition or suggestion? |
Thanks so much for getting this in the next release it will help a lot of us. |
|
@WebSavvyGuy
|
|
I fixed the conflicts of my PR #5986 |
|
@rodrigok If you put it inside the chat room, wouldn't that then require the user to register first in some way to even access the chat room? Thats how i understand RC to operate. Giving them the option to log in immediately from the login box as a Guest would save a lot of time and more user friendly for the end user, IMO. At least the many chat systems i have worked with had it set up this way. |
|
@WebSavvyGuy that is what my PR add, the ability to see the public rooms as anonymous without need to create accounts. Since you can see the messages you can decide to create a guest account or login to post a message |
|
@rodrigok Ok got it now. Well i don't want you to get sidetracked off what you are doing. I hope we can have the ability for the guest user to just choose to login directly into the chat and then maybe we can set the abilities of what that guest can do (type, direct message, etc) via the admin panel in the future then :) |
|
@WebSavvyGuy - see that's what I was saying - some others are promoting this other method of entering the chat without a login / user needed - that's not what I think most of us need - THIS pr that https://github.com/snaiperskaya96 has made here - does create a user - which is what I think most of us need for many different reasons. as far as any kind of pruning - does this have the option to auto-delete from DB after X minutes or X days - I don't know. I am pretty sure the user roles are handled by other code chunks already - and from what I have scanned over - it appears that these abilities are optional choices / change-able in the admin screen.. It is my hope that this PR gets put in - so we can actually use this sytem - and then get a wordpress user / auth bridge created and we have a cool system - I posted some video and additional suggestions on one of my sites and linked to that earlier in the thread here- Feb 14th ( #5647 (comment) ) - showing how the guest login works with similar systems like realchat, avchat, gchat - which is what I have experienced as being the best option for user access, with ability to create a more solid / permanent profile - after entering as a guest without too many barriers to entry - but with more abilities than just "seeing the chatmessages / unable to type" |
|
@djsteveb I am thinking that having either options is needed by many. They are pretty closely tied so why not try to get both with the options in the admin panel of having either system. I guess easier said than done though :) i can live with either as long as that user is pruned. |
|
I submitted a new PR with the first version of the anonymous write option #6797 |
|
Now that's a good news
|
|
This thread is a perfect examply of why we shouldnt invite marketing people and other clueless people to join code issue discussions. These comments were everything from funny to crazy, and more often than not totally missing the point. Lovely! |
@RocketChat/core
Closes #604
The idea is basically to create a guest user automatically (We need a physical user due to the massive user checks), assign him guest role and eventually delete it when the session is over.
To enable guest/anonymous access: Admin -> Accounts -> Allow guest access