profile
viewpoint

xavi-/beeline 50

A laughably simplistic router for node.js

xavi-/bind-js 20

A templating engine for node js

xavi-/Drag-Shapes 6

An example of how with the use of an image map, you are able to drag and drop arbitary shapes using standard HTML, CSS, and JavaScript

xavi-/defuddle 2

A collection of javascript games

xavi-/full-stack-javascript 2

A site about all things full-stack javascript

itscodenation/google-classroom-facebook 1

An app that connects to the google classroom API and generates a book of faces. Makes it easier to learn student's name

xavi-/chat-forge 1

An app that let's you create new chat rooms on the fly

push eventClever/swagger-api

James Saylor

commit sha 9f98f04aa9bba42e6d549dfa3802368119e192ab

No need for a random v in main

view details

push time in 6 hours

create barnchClever/swagger-api

branch : SYNC-2075-Generate-api-v3

created branch time in 6 hours

Pull request review commentClever/saml2

[SECURITY] upgrade xml-crypto, fix signature xpath

 decrypt_assertion = (dom, private_keys, cb) -> # This checks the signature of a saml document and returns either array containing the signed data if valid, or null # if the signature is invalid. Comparing the result against null is NOT sufficient for signature checks as it doesn't # verify the signature is signing the important content, nor is it preventing the parsing of unsigned content.-check_saml_signature = (xml, certificate) ->+check_saml_signature = (_xml, certificate) ->+  # xml-crypto requires that whitespace is normalized as such:+  # https://github.com/yaronn/xml-crypto/commit/17f75c538674c0afe29e766b058004ad23bd5136#diff-5dfe38baf287dcf756a17c2dd63483781b53bf4b669e10efdd01e74bcd8e780aL69+  xml = _xml.replace(/\r\n?/g, '\n')   doc = (new xmldom.DOMParser()).parseFromString(xml) -  signature = xmlcrypto.xpath(doc, "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")+  # Find the correct section of the XML doc to check the signature for+  maybe_req = xmlcrypto.xpath(doc, "//*[local-name(.)='AuthnRequest']")+  maybe_req = maybe_req && maybe_req[0]+  maybe_resp = xmlcrypto.xpath(doc, "//*[local-name(.)='Response']")+  maybe_resp = maybe_resp && maybe_resp[0]+  maybe_assert = xmlcrypto.xpath(doc, "//*[local-name(.)='Assertion']")+  maybe_assert = maybe_assert && maybe_assert[0]+  to_check = maybe_req || maybe_resp || maybe_assert+  signature = xmlcrypto.xpath(to_check, "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")

TIL that you could return matches via this way! I thought to_check would return a boolean, but didn't realize it would select the particular path via xpath.

donhcd

comment created time in 8 hours

Pull request review commentClever/saml2

[SECURITY] upgrade xml-crypto, fix signature xpath

 decrypt_assertion = (dom, private_keys, cb) -> # This checks the signature of a saml document and returns either array containing the signed data if valid, or null # if the signature is invalid. Comparing the result against null is NOT sufficient for signature checks as it doesn't # verify the signature is signing the important content, nor is it preventing the parsing of unsigned content.-check_saml_signature = (xml, certificate) ->+check_saml_signature = (_xml, certificate) ->+  # xml-crypto requires that whitespace is normalized as such:+  # https://github.com/yaronn/xml-crypto/commit/17f75c538674c0afe29e766b058004ad23bd5136#diff-5dfe38baf287dcf756a17c2dd63483781b53bf4b669e10efdd01e74bcd8e780aL69+  xml = _xml.replace(/\r\n?/g, '\n')   doc = (new xmldom.DOMParser()).parseFromString(xml) -  signature = xmlcrypto.xpath(doc, "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")+  # Find the correct section of the XML doc to check the signature for+  maybe_req = xmlcrypto.xpath(doc, "//*[local-name(.)='AuthnRequest']")+  maybe_req = maybe_req && maybe_req[0]+  maybe_resp = xmlcrypto.xpath(doc, "//*[local-name(.)='Response']")+  maybe_resp = maybe_resp && maybe_resp[0]+  maybe_assert = xmlcrypto.xpath(doc, "//*[local-name(.)='Assertion']")+  maybe_assert = maybe_assert && maybe_assert[0]+  to_check = maybe_req || maybe_resp || maybe_assert

Is there ever a case where we might want to check an Assertion first over an AuthnRequest? Or is it strictly this order?

donhcd

comment created time in 8 hours

issue commentClever/saml2

xmlbuilder dependency doesn't support Node 12 (LTS)

Has there been any consideration to update this library? This is a very useful lib but these ancient dependencies make it very hard to justify in newer code.

Hazno

comment created time in 9 hours

push eventClever/components

Chloe Caelynn

commit sha 3bf8c8ec8546c5c7646c180c7417e7b7b7de141d

v2.68.1 - SSOAP-2844 - Undo accessibility fix (darker blue for plain link button) while a long-term solution is reached. :(

view details

Chloe Caelynn

commit sha 2c5b999f2c622ae53ccc0019d5c04b8f18a79f5a

v2.68.1

view details

Daniel Xu

commit sha 1d358415180deef495851819d0fdc235a25a8c70

Fix Tooltip display for click/focus trigger combo (#566) * Fix Tooltip display for click/focus trigger combo This version of react-bootstrap OverlayTrigger and tooltip doesn't handle click, focus triggers when used in conjunction gracefully. When using both click and focus: when a user clicks the element (mousedown + mouseup events), a focus event is fired after the mousedown. This sets the shown state to true. Later once the click event is fired, i.e. after the mousedown+mouseup events, a function "handleToggle" is called, which then will hide the tooltip since its already shown... by calling preventDefault the focus event from mousedown won't be fired * 2.69.0 * 2.68.1

view details

Daniel Xu

commit sha 311cfd9d460dcd22f5a799748cda9fd191d6acae

2.68.2 (#569)

view details

Jonah Schwartz

commit sha 7ef83b035f412fabf6a0155ee212bcb56a37165e

add aria label to ToastNotification close button

view details

Jonah Schwartz

commit sha a24ec66aa81ad80deeed792356a6c975b9a30691

2.68.3

view details

push time in 9 hours

push eventClever/components

Jonah Schwartz

commit sha cdb6a324fa56b7d1712b51350f37bc542ae6b23a

2.68.1

view details

push time in 9 hours

PR opened Clever/components

SSOAP-2940: add aria label to ToastNotification close button

Jira: https://clever.atlassian.net/browse/SSOAP-2940

Overview: Add aria-label to ToastNotification close button to make it readable by screen readers

Testing:

Manually confirmed aria label is present on correct element

  • [x] Unit tests
  • Manual tests:
    • [x] Chrome
    • [x] Safari
    • [ ] IE11

Roll Out: 100

  • Before merging:

    • [ ] Bumped version in package.json
      • New component or backward-compatible component feature change? Run npm version minor
      • Only changing documentation? All good. Skip this step.
    • After creating a new component, make sure to add it to the Components List in ComponentsView.jsx. To do so:
  • After merging:

    • [ ] Deployed updated docs (make deploy-docs)
    • [ ] Posted in #eng if I made a breaking change to a beta component
+1 -0

0 comment

1 changed file

pr created time in 9 hours

create barnchClever/components

branch : SSOAP-2940-toast-aria

created branch time in 9 hours

pull request commentClever/saml2

[SECURITY] upgrade xml-crypto, fix signature xpath

Hey there! Thanks for taking the time to submit this PR and also bump up version concerns.

Just wanted to follow up on this particular comment before merging:

  • improve the logic to figure out the correct signature to validate in the document - seems like the XPath implementation that xml-crypto was using changed between 0.9.0 (it's unclear which sha 0.10.0 is supposed to correlate to) and 2.0.0

We similarly leverage xmlcrypto for get_signed_data. I was curious if we had to do some additional tweaks there, as well.

donhcd

comment created time in 12 hours

pull request commentClever/saml2

[SECURITY] upgrade xml-crypto, fix signature xpath

@prime-time @mcab can we get this resolved and a new version issued? please? otherwise will have to fork etc etc.

donhcd

comment created time in 13 hours

delete branch Clever/template-node-library

delete branch : quick-non-controversial-tweaks

delete time in 15 hours

push eventClever/template-node-library

Arsalan

commit sha 2889da549fa658737f5c96d03c15f87e649d1112

Format .circleci/config.yml

view details

Arsalan

commit sha 258ebf269650ca921c0d335c3117a979afe0330b

Remove unused and out-of-date npm scripts

view details

Arsalan

commit sha df417a4c96082d2ebd9ecfea6ec9023c18bf9a71

Grant CircleCI the ability to install private dependencies

view details

arsalansufi

commit sha 4fe158f18fa2715e0da38349123626640c0f4214

Merge pull request #23 from Clever/quick-non-controversial-tweaks Grant CircleCI the ability to install private dependencies

view details

push time in 15 hours

PR merged Clever/template-node-library

Grant CircleCI the ability to install private dependencies

This PR mirrors https://github.com/Clever/template-frontend/pull/48. In addition to granting CircleCI the ability to install private dependencies, it also removes unused and out-of-date npm scripts.

+23 -19

0 comment

3 changed files

arsalansufi

pr closed time in 15 hours

PR opened Clever/template-node-library

Grant CircleCI the ability to install private dependencies

This PR mirrors https://github.com/Clever/template-frontend/pull/48. In addition to granting CircleCI the ability to install private dependencies, it also removes unused and out-of-date npm scripts.

+23 -19

0 comment

3 changed files

pr created time in 15 hours

push eventClever/template-node-library

Arsalan

commit sha df417a4c96082d2ebd9ecfea6ec9023c18bf9a71

Grant CircleCI the ability to install private dependencies

view details

push time in 15 hours

create barnchClever/template-node-library

branch : quick-non-controversial-tweaks

created branch time in 15 hours

delete branch Clever/template-node-library

delete branch : a-few-updates

delete time in 15 hours

push eventClever/template-node-library

Arsalan

commit sha 81bcc81d0676361ec3aae225a128e6b9f0f70631

Install latest formatting and linting packages

view details

Arsalan

commit sha 38a2127218a488f625a8c5b1cc6017388549ade2

Copy latest lint config from Clever/template-frontend

view details

Arsalan

commit sha 44f57902641faa4508b856476de14e25f80f2260

Only target source-code directory for formatting and linting

view details

Arsalan

commit sha 1cbf2698e2ff88402d373708ffba6ddd63007635

Install latest TypeScript

view details

Arsalan

commit sha 300a285f96b75142122107a02794ff2f32f448ff

Mirror Clever/template-frontend TS config

view details

Arsalan

commit sha 287dd2ad08f8b9e2cb46874016ebbd3e1f25d699

Install latest testing packages

view details

Arsalan

commit sha 88ef39bf1c9d6b7222df893d9c906013298cac83

Move Jest config out of package.json

view details

Arsalan

commit sha df4e8979a5465002b8bb33ea904d3ea7ed80dc0e

Tweak Makefile testing command plus other small tweaks

view details

Arsalan

commit sha 4ce673bba8580d177ca485d3a7c458e6d688b625

Default tsconfig.json target to es5 To guarantee compatibility with IE and older versions of Safari Add a note to the README about when it's appropriate to increase the target

view details

arsalansufi

commit sha 367de352e1545bae64dd230b120cca6d906224e0

Merge pull request #22 from Clever/a-few-updates Update linting, TypeScript, and Jest

view details

push time in 15 hours

PR merged Clever/template-node-library

Update linting, TypeScript, and Jest

Overview

This PR makes a few updates to the template-node-library, to match it up with the recently updated template-frontend. The updates include:

  • The latest linting packages and config
  • The latest TypeScript
  • The latest testing packages

Testing

Verified that all of the following work as expected:

  • [x] make format / make format-all
  • [x] make lint
  • [x] make test
  • [x] make build

Rollout

:100:

+140 -87

0 comment

9 changed files

arsalansufi

pr closed time in 15 hours

push eventClever/template-node-library

Arsalan

commit sha 4ce673bba8580d177ca485d3a7c458e6d688b625

Default tsconfig.json target to es5 To guarantee compatibility with IE and older versions of Safari Add a note to the README about when it's appropriate to increase the target

view details

push time in 15 hours

push eventClever/template-node-library

Arsalan

commit sha 55995116883f3cce4218314d5336722383ce2be3

Default tsconfig.json target to es5 To guarantee compatibility with IE and older versions of Safari Add a note to the README about when it's appropriate to increase the target

view details

push time in 16 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

 {-    "compilerOptions": {-        "module": "commonjs",-        "target": "es6",-        "strict": true,-        "lib": ["es2017"],-        "typeRoots": [-            "node_modules/@types", "./types"-        ],-        "outDir": "./dist"-    },-    "exclude": [-        "node_modules"-    ]+  "compilerOptions": {+    "jsx": "react",+    "lib": ["dom", "es2019"],+    "module": "commonjs",+    "outDir": "dist",+    "resolveJsonModule": true,+    "strict": true,+    "target": "es6",

Yes will definitely add!

arsalansufi

comment created time in 16 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

 {-    "compilerOptions": {-        "module": "commonjs",-        "target": "es6",-        "strict": true,-        "lib": ["es2017"],-        "typeRoots": [-            "node_modules/@types", "./types"-        ],-        "outDir": "./dist"-    },-    "exclude": [-        "node_modules"-    ]+  "compilerOptions": {+    "jsx": "react",+    "lib": ["dom", "es2019"],+    "module": "commonjs",+    "outDir": "dist",+    "resolveJsonModule": true,+    "strict": true,+    "target": "es6",

I "like" ES5 as the default while we're supporting IE11. Could you add instructions to Development in the README for changing the target and when it's appropriate?

arsalansufi

comment created time in 17 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

 {-    "compilerOptions": {-        "module": "commonjs",-        "target": "es6",-        "strict": true,-        "lib": ["es2017"],-        "typeRoots": [-            "node_modules/@types", "./types"-        ],-        "outDir": "./dist"-    },-    "exclude": [-        "node_modules"-    ]+  "compilerOptions": {+    "jsx": "react",+    "lib": ["dom", "es2019"],+    "module": "commonjs",+    "outDir": "dist",+    "resolveJsonModule": true,+    "strict": true,+    "target": "es6",

I want to do some additional thinking about the target setting.

For frontend code builds, we target es5 for compatibility with IE11 and older versions of Safari, e.g. here. For server code on the other hand, it's okay to set a higher target, e.g. here.

Given that this template can be used to create npm modules for server use or client use, I'm wondering if the safest default is es5. For someone creating a server module, they can then explicitly choose to raise the target.

arsalansufi

comment created time in 17 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

+module.exports = {

Essentially the same config as https://github.com/Clever/template-frontend/blob/master/jest.config.js

arsalansufi

comment created time in 18 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

 {-    "compilerOptions": {-        "module": "commonjs",-        "target": "es6",-        "strict": true,-        "lib": ["es2017"],-        "typeRoots": [-            "node_modules/@types", "./types"-        ],-        "outDir": "./dist"-    },-    "exclude": [-        "node_modules"-    ]+  "compilerOptions": {+    "jsx": "react",+    "lib": ["dom", "es2019"],+    "module": "commonjs",+    "outDir": "dist",+    "resolveJsonModule": true,+    "strict": true,+    "target": "es6",+    "typeRoots": ["node_modules/@types", "types"]+  },+  "exclude": ["node_modules"]

Some small tweaks to better mirror https://github.com/Clever/template-frontend/blob/master/tsconfig.json

arsalansufi

comment created time in 18 hours

Pull request review commentClever/template-node-library

Update linting, TypeScript, and Jest

+module.exports = {

An exact copy of https://github.com/Clever/template-frontend/blob/master/.eslintrc.js. We eventually plan to move this config to a shared location.

arsalansufi

comment created time in 18 hours

push eventClever/template-node-library

Arsalan

commit sha 81bcc81d0676361ec3aae225a128e6b9f0f70631

Install latest formatting and linting packages

view details

Arsalan

commit sha 38a2127218a488f625a8c5b1cc6017388549ade2

Copy latest lint config from Clever/template-frontend

view details

Arsalan

commit sha 44f57902641faa4508b856476de14e25f80f2260

Only target source-code directory for formatting and linting

view details

Arsalan

commit sha 1cbf2698e2ff88402d373708ffba6ddd63007635

Install latest TypeScript

view details

Arsalan

commit sha 300a285f96b75142122107a02794ff2f32f448ff

Mirror Clever/template-frontend TS config

view details

Arsalan

commit sha 287dd2ad08f8b9e2cb46874016ebbd3e1f25d699

Install latest testing packages

view details

Arsalan

commit sha 88ef39bf1c9d6b7222df893d9c906013298cac83

Move Jest config out of package.json

view details

Arsalan

commit sha df4e8979a5465002b8bb33ea904d3ea7ed80dc0e

Tweak Makefile testing command plus other small tweaks

view details

push time in 18 hours

more