Merge pull request #5462 from topcoder-platform/update-segment-script

Update segment script

Author: luizrrodrigues

.circleci/config.yml

@@ -276,7 +276,6 @@ workflows:
             branches:
               only:
                 - develop
-                - remove-outage-banner
       # This is alternate dev env for parallel testing
       - "build-test":
           context : org-global      
@@ -306,7 +305,6 @@ workflows:
             branches:
               only:
                 - develop
-                - remove-outage-banner
       - "approve-smoke-test-on-staging":
           type: approval
           requires:

Dockerfile

@@ -52,6 +52,7 @@ ARG MAILCHIMP_BASE_URL
 ARG NODE_CONFIG_ENV
 ARG OPEN_EXCHANGE_RATES_KEY
 ARG SEGMENT_IO_API_KEY
+ARG CHAMELEON_VERIFICATION_SECRET
 ARG SERVER_API_KEY
 
 # TC M2M credentials for Community App server
@@ -108,6 +109,7 @@ ENV MAILCHIMP_BASE_URL=$MAILCHIMP_BASE_URL
 ENV NODE_CONFIG_ENV=$NODE_CONFIG_ENV
 ENV OPEN_EXCHANGE_RATES_KEY=$OPEN_EXCHANGE_RATES_KEY
 ENV SEGMENT_IO_API_KEY=$SEGMENT_IO_API_KEY
+ENV CHAMELEON_VERIFICATION_SECRET=$CHAMELEON_VERIFICATION_SECRET
 ENV SERVER_API_KEY=$SERVER_API_KEY
 
 # TC M2M credentials for Community App server

build.sh

@@ -32,6 +32,7 @@ docker build -t $TAG \
   --build-arg NODE_CONFIG_ENV=$NODE_CONFIG_ENV \
   --build-arg OPEN_EXCHANGE_RATES_KEY=$OPEN_EXCHANGE_RATES_KEY \
   --build-arg SEGMENT_IO_API_KEY=$SEGMENT_IO_API_KEY \
+  --build-arg CHAMELEON_VERIFICATION_SECRET=$CHAMELEON_VERIFICATION_SECRET \
   --build-arg SERVER_API_KEY=$SERVER_API_KEY \
   --build-arg TC_M2M_CLIENT_ID=$TC_M2M_CLIENT_ID \
   --build-arg TC_M2M_CLIENT_SECRET=$TC_M2M_CLIENT_SECRET \

config/custom-environment-variables.js

@@ -99,6 +99,7 @@ module.exports = {
     RECRUITCRM_API_KEY: 'RECRUITCRM_API_KEY',
     GROWSURF_API_KEY: 'GROWSURF_API_KEY',
     SENDGRID_API_KEY: 'SENDGRID_API_KEY',
+    CHAMELEON_VERIFICATION_SECRET: 'CHAMELEON_VERIFICATION_SECRET',
   },
   GROWSURF_CAMPAIGN_ID: 'GROWSURF_CAMPAIGN_ID',
   AUTH_CONFIG: {

docs/secure-identity-verification.md

@@ -0,0 +1,13 @@
+## Setup
+1. Make sure you have a Chameleon Account and segment.com account
+2. Integrate Chameleon Account with Segment. https://help.trychameleon.com/en/articles/1161770-installing-using-segment
+3. Set Environment secret variable retrieved here https://app.trychameleon.com/settings/integrations/segment. Run the following command
+`export CHAMELEON_VERIFICATION_SECRET=<Your Chameleon Secret>`
+4. Run community app
+
+## Verification
+1. Log in to topcoder-dev account
+2. Access http://local.topcoder-dev.com/challenges
+3. You will notice in the network tab there will be 2 requests POST to https://api.segment.io/v1/i, one will send it to segment and one will send only to chameleon (with request payload `{ integrations: { All: false, Chameleon: true }}`)
+
+Repeat the proses and log in to different account and make sure the `uid_hash` is different for each different user.

src/client/index.jsx

@@ -23,9 +23,10 @@ const { setErrorsStore } = errors;
  * Performs AnalyticsJS identification of the user.
  * @param {Object} profile TC user profile.
  * @param {Array} roles User roles.
+ * @param {String} userIdHash Unique Hash per user.
  */
-function identify(profile, roles) {
-  analytics.identify(profile.userId, {
+function identify(profile, roles, userIdHash) {
+  const payload = {
     avatar: profile.photoURL,
     createdAt: profile.createdAt,
     email: profile.email,
@@ -39,7 +40,21 @@ function identify(profile, roles) {
     })),
     tracks: profile.tracks || [],
     username: profile.handle,
-  });
+  };
+  analytics.identify(
+    profile.userId,
+    payload,
+    {
+      integrations: { Chameleon: false },
+    },
+  );
+  analytics.identify(
+    profile.userId,
+    { uid_hash: userIdHash, ...payload },
+    {
+      integrations: { All: false, Chameleon: true },
+    },
+  );
 }
 
 /**
@@ -74,7 +89,7 @@ function authenticate(store) {
   }).then(({ tctV2, tctV3 }) => {
     const { auth } = store.getState();
     if (auth.profile && !analyticsIdentitySet) {
-      identify(auth.profile, _.get(auth, 'user.roles'));
+      identify(auth.profile, _.get(auth, 'user.roles'), auth.userIdHash);
       analyticsIdentitySet = true;
     }
     if (auth.tokenV3 !== (tctV3 || null)) {
@@ -85,7 +100,7 @@ function authenticate(store) {
         const userId = profile && profile.userId;
         const prevUserId = _.get(store.getState(), 'auth.profile.userId');
         if (userId && userId !== prevUserId) {
-          identify(profile, _.get(auth, user.roles));
+          identify(profile, _.get(auth, user.roles), auth.userIdHash);
           analyticsIdentitySet = true;
         }
       });

src/shared/reducers/index.js

@@ -15,8 +15,9 @@
  */
 
 import _ from 'lodash';
+import crypto from 'crypto';
 import { getCommunityId } from 'server/services/communities';
-import { redux } from 'topcoder-react-utils';
+import { redux, config, isomorphy } from 'topcoder-react-utils';
 import { reducer as toastrReducer } from 'react-redux-toastr';
 import { reducerFactory } from 'topcoder-react-lib';
 import { getAuthTokens } from 'utils/tc';
@@ -113,6 +114,21 @@ function generateSsrOptions(req) {
   return res;
 }
 
+/**
+ * Generate user id hash for secure Identity verification
+ * @param {Object} user
+ * @return {String} User Id Hash.
+ */
+function generateUserIdHash(user) {
+  const secret = _.get(config, 'SECRET.CHAMELEON_VERIFICATION_SECRET');
+  const now = Math.floor(Date.now() / 1000);
+
+  return [
+    crypto.createHmac('sha256', secret).update(`${user.userId}-${now}`).digest('hex'),
+    now,
+  ].join('-');
+}
+
 export function factory(req) {
   return redux.resolveReducers({
     standard: reducerFactory(req && generateSsrOptions(req)),
@@ -125,6 +141,12 @@ export function factory(req) {
     page: pageFactory(req),
   }).then(resolvedReducers => redux.combineReducers((state) => {
     const res = { ...state };
+
+    const user = _.get(res, 'auth.user');
+    if (user && isomorphy.isServerSide()) {
+      res.auth.userIdHash = generateUserIdHash(user);
+    }
+
     if (req) {
       res.domain = `${req.protocol}://${req.headers.host || req.hostname}`;
       res.subdomainCommunity = getCommunityId(req.subdomains);