NationStates++ | Extension for NationStates

[Afforess]

Quick bug: when using the dark skin, NS++ messes with the CSS and makes telegrams unreadable without highlighting them. As a result, I've had to turn it off.

Will have a fix out shortly, discovered why. Stupid Jquery-UI library...

[[violet]]

Why are you verifying nation ownership anyway? I read the TG from the bot but still don't understand.

To prevent another nation from being able to read/write to user settings or issue choices. I generate a login token for firebase based on my secret key + nation name which is unique and lasts for 30 days. If I didn't do this, any nation could start manipulating another users settings or previous issue selections. Or I would not be able to use cloud backup/syncing.

By user settings you mean the "NS++ Settings"? Like whether I've enabled Embassy Flags or whatever? That's not actually tied to a nation account, is it? It seems specific to the extension.

Issue choices I'm unclear about, too... I don't get why you need a TG from a nation to prevent other people from answering their issues.

More fundamentally I'm confused by why sending a TG proves that the user is logged in any more than just, you know, them being logged in. It proves to YOU that someone is using your extension but I'm not sure what it's doing for the user.

[[violet]]

My alias 'Afforess' is pretty well linked with my real-life identity, so if I did something malicious, it would get back to me and it would affect my employment situation.

Good to know! If you can send us a highly incriminating photograph of yourself wearing only underpants, that would be helpful, too.

[Afforess]

To prevent another nation from being able to read/write to user settings or issue choices. I generate a login token for firebase based on my secret key + nation name which is unique and lasts for 30 days. If I didn't do this, any nation could start manipulating another users settings or previous issue selections. Or I would not be able to use cloud backup/syncing.

By user settings you mean the "NS++ Settings"? Like whether I've enabled Embassy Flags or whatever? That's not actually tied to a nation account, is it? It seems specific to the extension.

Yes, it's tied to a nation account.

However, if the nation has no previous settings, it uses whatever settings the last user was using. So if you create a puppet, it will use the latest settings the main nation had. This part is not an actual feature, but a result of caching the settings in localStorage. It just happens to work out in a convenient way.

Issue choices I'm unclear about, too... I don't get why you need a TG from a nation to prevent other people from answering their issues.

I could erase months of your issue choices, and set them to something else secretly. It would be hard to prove, and Gaslighting users is not fun.

More fundamentally I'm confused by why sending a TG proves that the user is logged in any more than just, you know, them being logged in. It proves to YOU that someone is using your extension but I'm not sure what it's doing for the user.

It proves that they are logged in and received the telegram, as opposed to, someone else. Only you can read your telegrams, no one else. The extension checks for the telegram, and upon finding the unique code, uses that.

I realize it seems like massive overkill for past issue choices and user settings but keep in mind I plan on using this for more data in the future, this is just essentially the trial run to prove it works. I want to expand the dossier capabilities, track all the nation stats and wa census variables over time, etc. This will all need to be synced, and localStorage is a poor place to keep permanent data. I considered other services like Dropbox, but requiring users to keep a separate account for advanced features would effectively cut my userbase in half, if not more.

Edit: However, if you would like to provide an up to 5mb json storage option for each user, I would totally use that. Then you could be sure the data was secure and under your control.

[Individuality-ness]

My alias 'Afforess' is pretty well linked with my real-life identity, so if I did something malicious, it would get back to me and it would affect my employment situation.

Good to know! If you can send us a highly incriminating photograph of yourself wearing only underpants, that would be helpful, too.

May no one ever claim that [violet] lacks a sense of humor.

[Hyperion]

Good to know! If you can send us a highly incriminating photograph of yourself wearing only underpants, that would be helpful, too.

May no one ever claim that [violet] lacks a sense of humor.

What humor?

[Afforess]

Version 1.82

• Fixed bugs with telegrams & dark theme
• Fixed bugs with NS++ settings pages and dark theme
• Added option in NS++ settings to disable Puppet Switching
• Minor css fixes

You should auto-update as usual without having to do anything. Enjoy.

[Grobladonia]

I'm afraid it's not quite fixed yet. When closed the TGs look like they should, but when opened they still partially display the bug, such as here.

EDIT: And square flags still appear stretched. Very wide flags might be compressed as well, but I can't quite tell. It may be more subtle, or it may be not be there at all. This only happens in lists, such as the Dossier.

[Afforess]

I'm afraid it's not quite fixed yet. When closed the TGs look like they should, but when opened they still partially display the bug, such as here.

EDIT: And square flags still appear stretched. Very wide flags might be compressed as well, but I can't quite tell. It may be more subtle, or it may be not be there at all. This only happens in lists, such as the Dossier.

All fixed.

[Grobladonia]

Excellent! Thank you!

This is just a suggestion. You might want to consider reducing the transparency of the puppet switcher. When it hovers over the nation name it can be a bit tricky to read in the first second or so (until my eyes adjust). This isn't really an issue, just a personal preference of mine.

[Avakael]

I'm afraid it's not quite fixed yet. When closed the TGs look like they should, but when opened they still partially display the bug, such as here.

EDIT: And square flags still appear stretched. Very wide flags might be compressed as well, but I can't quite tell. It may be more subtle, or it may be not be there at all. This only happens in lists, such as the Dossier.

All fixed.

Nope, sorry, not for me. :|

[Afforess]

All fixed.

Nope, sorry, not for me. :|

Can you please post a screenshot that shows what you bugs are seeing? Thanks.

[Avakael]

Nope, sorry, not for me. :|

Can you please post a screenshot that shows what you bugs are seeing? Thanks.

The standard page gives me this;
http://i.imgur.com/ES9wAKF.png
Background of individual PMs has reverted to default theme color, as has the text on the buttons at the bottom. The text slightly increases in size as well. The page appears fine for a split second, but the script seems to automatically make these changes- with the exception of the button text color, which seems to load wrong from the start.

When I open a specific telegram, I get this.
http://i.imgur.com/tTwO07K.png
The button text, the telegram text and telegram background are fine. The URL text is grey instead of green, and we still have the white artifacts.

I am using Waterfox version 18.0.1.

[Hyperion]

Waterfox has a modified code than Firefox, so while it CAN run Firefox plugins, it can't exactly run them too well. It would need to have support adjusted. Also, I just don't like how Waterfox looks.

[Avakael]

Waterfox has a modified code than Firefox, so while it CAN run Firefox plugins, it can't exactly run them too well. It would need to have support adjusted. Also, I just don't like how Waterfox looks.

It's been working fine until just recently.
EDIT: In fact, with the exemption of the button text color, it -is- fine now. Cheers!

[Grobladonia]

I've got another bug. The puppet switcher misfires sometimes. When I click certain puppets instead of logging in I'm just simply take to it's nation page. Interestingly, one such puppet worked a few times, but it no longer does.

Deleting it from the list and adding it again seems to clear it up.

[Wind in the Willows]

I love this. Best extension ever.

[The IASM]

Excellent.

[Kalosia]

When can we expect a Safari version?

[Afforess]

I've got another bug. The puppet switcher misfires sometimes. When I click certain puppets instead of logging in I'm just simply take to it's nation page. Interestingly, one such puppet worked a few times, but it no longer does.

Deleting it from the list and adding it again seems to clear it up.

This means you entered the wrong user/pass. I'll look into making it tell you it failed to login in the future.

[Afforess]

When can we expect a Safari version?

After it happens. I don't give ETA's because I never can predict.

[Grobladonia]

I've got another bug. The puppet switcher misfires sometimes. When I click certain puppets instead of logging in I'm just simply take to it's nation page. Interestingly, one such puppet worked a few times, but it no longer does.

Deleting it from the list and adding it again seems to clear it up.

This means you entered the wrong user/pass. I'll look into making it tell you it failed to login in the future.

Well, that's the weird thing, it logged me in once or twice with that nation, then stopped working. And I haven't changed anything.

[Afforess]

Unfortunately for Safari fans, Apple's developer center is down, and has been down for the last 2 days: http://devimages.apple.com/maintenance/

I will start on a Safari port as soon as Apple's developer center is back. I have no idea when that will be.

[[violet]]

Issue choices I'm unclear about, too... I don't get why you need a TG from a nation to prevent other people from answering their issues.

I could erase months of your issue choices, and set them to something else secretly.

You are talking about some NS++ issue-related feature, right? Since there is no ability in NS to change past issue choices. I'm not sure what exactly you are erasing.

This will all need to be synced, and localStorage is a poor place to keep permanent data.

If I understand this right, what you want is for the user effectively to create an NS++ account on your server, but you don't want them to have to do this manually (and come up with a password for it, etc). So in lieu of a password, your extension wants to piggyback off NS authentication, and make sure the user is logged into NS before offering up access to any stored NS++ data. But this makes it vulnerable to a situation where, for example, a user alters their machine's DNS settings and creates a fake nationstates.net that verifies the user is logged in as anyone. So you do a TG exchange with your bot that proves to you that the nation is indeed logged in, and then they get access to an NS++ account in that nation's name.

Is that right? If so, what happens when I delete that TG and switch browsers? I'm logging in as the same nation and using NS++ but how do you know it's really me?

The TG bot is clever but definitely sub-optimal. It surprised me to see a telegram in my Sent Items that I never sent (is there any warning about this?). And it seems like a violation of site script rules, which prohibit the auto-sending of TGs.

Edit: However, if you would like to provide an up to 5mb json storage option for each user, I would totally use that. Then you could be sure the data was secure and under your control.

We are unlikely to do that, but we have tossed around various authentication schemes for 3rd-party sites, as you know. So possibly a nation could generate a key, and that key would authenticate them to you.

[Afforess]

I could erase months of your issue choices, and set them to something else secretly.

You are talking about some NS++ issue-related feature, right? Since there is no ability in NS to change past issue choices. I'm not sure what exactly you are erasing.

There is some misunderstanding here. The feature is that it tracks what issue choices your nation has made in the past, and lets you know when the issue arises again in the future. Repeat issues is a common occurrence for NS'ers, and it's handy to know what I answered when I saw the issue last time. I can't change past issue choices, but I keep track of what issue choice was decided and the timestamp of when it was made.

This will all need to be synced, and localStorage is a poor place to keep permanent data.

If I understand this right, what you want is for the user effectively to create an NS++ account on your server, but you don't want them to have to do this manually (and come up with a password for it, etc). So in lieu of a password, your extension wants to piggyback off NS authentication, and make sure the user is logged into NS before offering up access to any stored NS++ data. But this makes it vulnerable to a situation where, for example, a user alters their machine's DNS settings and creates a fake nationstates.net that verifies the user is logged in as anyone. So you do a TG exchange with your bot that proves to you that the nation is indeed logged in, and then they get access to an NS++ account in that nation's name.

Is that right? If so, what happens when I delete that TG and switch browsers? I'm logging in as the same nation and using NS++ but how do you know it's really me?

If you switch browsers or machines, it re-authenticates by sending another telegram. That machine uses the token from the new response from the bot. The old machine or browser can still use the old token as well.

The token is actually a JSON Web Token (JWT) with the name of the nation as the payload, signed with SHA256 HMAC & a secret key, and encoded in BASE-64.

The TG bot is clever but definitely sub-optimal. It surprised me to see a telegram in my Sent Items that I never sent (is there any warning about this?). And it seems like a violation of site script rules, which prohibit the auto-sending of TGs.

One could argue that the process of installing the extension is in fact the 'user input' that causes the telegram to be sent. Anyway, it's the best solution I had available to me.

Edit: However, if you would like to provide an up to 5mb json storage option for each user, I would totally use that. Then you could be sure the data was secure and under your control.

We are unlikely to do that, but we have tossed around various authentication schemes for 3rd-party sites, as you know. So possibly a nation could generate a key, and that key would authenticate them to you.

That would be an ideal solution.