-
Download and install node and npm:
$ brew install node -
Fork the Waltz repo and run:
$ git clone git@github.com:YOUR-USERNAME/waltz.git $ cd waltz $ npm install $ git checkout -b YOUR-BRANCH-NAMEBranches should be made from the
developbranch. -
Running
npm installwill install grunt, which Waltz uses to build site configuration settings and compile sass. First, build the site configuration:$ grunt build-config Running "build-config:go" (build-config) task Done, without errors. -
Then, have grunt watch your files. This will compile site configs and scss when the files are saved:
$ grunt Running "watch" task Waiting... -
Finally, you can test your changes by loading Waltz as an unpacked extension in chrome. Make sure the app store version of Waltz has been uninstalled to prevent conflicts.
- Navigate to chrome://extensions in your Chrome browser
- Check the "Developer mode" box
- Click "Load unpacked extension..."
- Navigate to the Waltz root directory and select it
When you are done making changes, please submit a pull request and the Waltz core team will look it over.
If possible, please write tests for the code you write.
The PR should be ready to merge your branch into the develop branch and all tests should pass.
In static/js/background/delegate.js, there is a DEBUG flag on the first line. This flag controls whether site configurations are loaded from GitHub or from your local configs. When developing for Waltz, you'll want to set the DEBUG flag to true.
If you branched from the develop branch, this should already be the case.
When you create your pull request to the develop branch, the DEBUG flag should be set to true (it gets set to false when we merge to master).
Waltz recognizes sites by using the configuration files found in
site_configs.
To make a site work with Waltz, add a json file to the site_configs
directory. Please name the file with a key that identifies the domain you
are trying to add (google.com -> google.json, facebook.com -> facebook.json, news.ycombinator.com -> hackernews.json).
Please also add a 150x150 png with the site logo in static/img/site_images
using the same name as the config file.
For many sites, Waltz only needs a few required configuration options to work.
As a quick example, here is site_configs/localhost.json:
{
"*://*.localhost/*": {
"name": "localhost",
"logout": {
"cookies": ["PHPSESSID"]
},
"login": {
"urls": ["http://localhost/"],
"formURL": "http://localhost/submitLogin",
"method": "POST",
"usernameField": "username",
"passwordField": "password",
"check": "#logged_in"
}
}
}
Let's step through each section.
-
*//*.localhost/*object - the site's domain specified as a match pattern. Waltz will run on any page that matches this pattern. For example, Waltz will be run onhttps://localhost/helloandhttp://sub.localhost/.-
namestring — a human readable name. This is displayed in messages to the user. -
logoutobject — configuration related to logging out.cookieslist (of strings) — a list of cookie names. Waltz will delete these cookies when a user logs out on their phone via Clef.
-
loginobject — configuration related to logging in.urlslist (of strings) — a list of URLs that contain the site's login form. These are used to get hidden input fields, among other things.formURLstring — theactionURL for the login form. The username and password are POSTed to this URL.methodstring — themethodof the login form, usually "POST".usernameFieldstring — thenameattribute of theinputwhere you put your username.passwordFieldstring — thenameattribute of theinputwhere you put your password.checkstring — a jQuery selector for an element that only appears on a page you had to log in for. The best element to select for is the logout button or link.
-
Note: Determining the cookie that stores whether a user is logged in is
a process of trial and error. Typically, the cookie can be found by logging
into a website, opening up the Chrome developer console, deleting cookies
and refreshing the page. If, when you have refreshed the page, you are logged
out, then you've found the right cookie to add to the logout.cookies list.
In some cases, Waltz needs a little more information to work properly on more complicated sites. For instance, a site might have hidden inputs, two factor authentication, or might generate inputs with JavaScript.
Waltz has optional configs to handle some of these things as generally as possible. If we've left anything out, please open a pull request and add the config you need, or let us know in the issues.
Here is an example config that has only optional fields:
{
"*://*.example.com/*": {
"name": "Example.com",
"match": "https?://(?!blog\\.)([^.]+\\.)?example\\.com/",
"login": {
"hasHiddenInputs": true,
"submitButton": "input[value='login']",
"twoFactor": [
{
"url": "https://www.example.com/checkpoint/twoFactor",
"check": "input[name]='twoFactor_code'"
}
],
"exclude": {
"forcedRedirectURLs" : ["https://about.example.com/download"],
"nextURLs": ["https://example.com/login/captcha", "https://example.com/login/error"]
},
"formOnly": false
}
}
}
*://*.example.com/*object-
matchstring — A RegExp string that should only match URLs that the Waltz button should appear on. The match pattern as the top-level key does not let you be specific enough to do things like exlude specific subdomains. Use this RegExp to filter down to only the correct pages. -
loginobjecthasHiddenInputsboolean — specifytrueif the login form has hidden inputs. IfhasHiddenInputsistrue, Waltz will request the login page in the background, (using the first URL inlogin.urls) find all the hidden inputs, and submit them with the decrypted username and password.submitButtonstring — A jQuery selector for the submit input in the login form. This is needed in rare cases to differentiate between the login form and other forms on the login page when the username and password fields have the same name (seesite_config/hackernews.json).twoFactorlist (of strings)— a list of URLs that the user might be redirected to when they have two-factor authentication enabled. After logging a user in, Waltz automatically redirects the user to the page they were on when they clicked the Waltz icon. Explicitly specifying two-factor URLs ensures that Waltz will not forcefully redirect the user away from the two-factor page.excludeobject — these config options relate to whether Waltz will forcefully redirect the user back to a certain page or let the site handle the redirect itself.forcedRedirectURLslist (of strings) — a list of URLs. If the user clicks the Waltz icon on any of these pages, Waltz will not redirect them back to this page, instead letting the page handle the redirect.nextURLslist (of strings) — A list of URLs. If this user is redirected naturally to any of these URLs, Waltz will not attempt to redirect them back to the page on which they clicked the Waltz icon. It's useful to specify captcha URLs or error URLs here. Also, Waltz does not redirect the user away from login URLs if they are naturally redirected back to any of them after submitting their credentials. Waltz assumes that if a user is redirected back to a login page, that there was an error submitting the form.
formOnlyboolean — if the login form generates inputs using JavaScript, Waltz isn't able to submit the login form when not on the page, even if it is loaded in the background (seegoogle.json. If this is the case, you can specify"formOnly": trueto only show Waltz if the user is on one of thelogin.urls.
-