Freecodecamp: Local login with passwordless

Our current config uses AWS SES for sending out emails. Of course, this is configured in production.
But, this will affect local setups for development. Earlier, this was not noticeable because creating accounts was based on a local strategy. (The server still used to crash, but the user accounts got created) .

That will NOT work any longer. So I recommend the documentation be updated on lines of below:

If you do need to use auth to test out some accounts then, local testing / creating accounts can now be done in the below two ways:

Setting up a temporary config (least hassle) Method:

Change this :
https://github.com/freeCodeCamp/freeCodeCamp/blob/abbdb28228331e418ce383f0443b0c9f021986a6/server/datasources.json#L6-L9

to this:

"mail": {
  "name": "mail",
  "connector": "mail",
  "transports": [{
    "type": "SMTP",
    "host": "smtp.gmail.com",
    "secure": true,
    "port": 465,
    "auth": {
      "user": "[email protected]",
      "pass": "somepassword"
    }
  }]
}

Of course replacing the user and pass keys above with your actual credentials.
It highly recommended that you DO NOT use your personal email credentials, rather create a fresh Gmail account and use that (just don't use it for anything sensitive). This is because:

With GMail, you may need to enable the “access for less secure apps” option. Reference

This setting is available in your Google accounts. https://support.google.com/accounts/answer/6010255?hl=en

After you have set this in the .env set the variable [email protected] as well.

Once you have created the setup, tested, you have to revert the datasources.json back to its state in staging, before making commits or a pull request.

Setting up a permanent config (needs a paid subscription/configuration) Method:

Signup for AWS, and its SES (Simple Email Service). Create Access Keys and Secret for sending emails, steps to which can be referred from their docs.

In the .env set the following:

SES_ID=XXXXXXXXXXXXXXXXXXXXXXX
SES_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[email protected]

And that's it, you should be good.

P.S: Please feel free to comment, if I missed anything or I am not clear, I'll be happy to clarify.

An ideal approach is to have inbuilt test users, rather than burdening contributors with configs. But that is currently out of the scope for this issue.

I've created a bypass that displays a link in the toast to login instead of sending the email when on a local installation. I added an environment variable in sample.env and check for it in /common/models/user.js and it works.......except......If you logout and try to login with a different email address it fails. I don't have much experience with Observables and I can't quite figure out exactly what is supposed to be being returned. Once one token is created every token created after that has the original tokens user ObjectId(). Until you restart the server at least. If anybody wants to check it out and guide me a little bit I think it would make local development a lot easier. It already works to a point. I just need a little guidance. My fork is at - https://github.com/ogzcoder/freeCodeCamp/tree/fix/seamless-local-passwordless-auth

@raisedadead We should probably use a script that will first detect SES keys then Gmail, then finally crash with a specific error with a link to the forum to demonstrate how to set up those keys in the .env file.

We should also avoid EMAIL_SENDER as a key in the .env because we have used that key in the past for production devops emails.

This info should definitely be made obvious to anybody wanting to contribute to this project. Adding the required info to the config is pretty simple if you know you need to do it :) Especially when authenticating through this requested email is the number 1 way to authenticate to the application. If the local server can't send this email it crashes...

@ogzcoder thanks for the feedback, and yes as you can see we have put up this issue to track and create the documentation.. 😅 !

@BerkeleyTrue yes that can be done, and I totally agree is the least frictionless approach.

But we would still need a key that is defined to be used as a MAIL FROM domain, primarily because, the default MAIL FROM is a freeCodeCamp.com domain address.

So can we change the EMAIL_SENDER to something like SES_MAIL_FROM or similar?

Meanwhlie I have created the guide here for everyone to refer so that we can start linking to it in the CONTRIBUTING.md

https://forum.freecodecamp.org/t/contributing-guide-setting-up-email-authentication-for-development/146004

Linking this guide https://forum.freecodecamp.org/t/logging-into-local-freecodecamp-installation-with-passwordless-authentication/145841 here as well so we remember to update it if we change anything.

Hi @systimotic thanks for the link and @ogzcoder thanks for the guide.

Unfortunately I think the changes that I plan to make with #15822 may break that as well, which no users will actually get updated whenever we send out a passwordless authentication email, which is not confirmed before a user clicks on it.

Which would make sense because we don't want that to happen in any case.

I strongly favor that we go ahead and implement Berkeley's proposal and then update the docs accordingly, which is dump a log with instructions.

We don't want everyone to do this additional step (which is a majority of our contributors editing challenges) and should be pointed to when the need arises.

For now, the Gmail workaround is usable.

Can I suggest to remove the 'Continue with GitHub' button from the sign in page, since we are not supporting GitHub login anymore?

@zk433 already taken care off in https://github.com/freeCodeCamp/freeCodeCamp/pull/15890 😅 !

Sorry, I missed that! Well done. 👍

I solved this by adding Mailhog to the docker-compose file and override the datasources config for development to point to the local mailhog container. This seems like the least amount of work for new contributors as it would just require an update to the setup guide. I can put a PR together if anyone is interested in this approach.

FYI, this is a little less vanilla using MailHog on a Windows 10 system. I imagine this has to do with the Windows implementation of the program in general, but it would give me a registration link that looked like:
http://localhost:3000/passwordless-auth/?email=3Dc2FtdWVsLm0uY29lQGdtYWlsLm=\r\nNvbQ=3D=3D\u0026token=3DrnIUCMxEd6W5tBGf8Et1jQbNk8biLhGgIHODsPJ8MewjOKS0l8XErAoq=\r\nigMIYCK3

When the actual URL should have been:
http://localhost:3000/passwordless-auth/?email=c2FtdWVsLm0uY29lQGdtYWlsLmNvbQ==&token=rnIUCMxEd6W5tBGf8Et1jQbNk8biLhGgIHODsPJ8MewjOKS0l8XErAoqigMIYCK3