Additional Login Options #1786
Hi @valaparthvi - Kudos to you for all this hard work. I have some UI concerns regarding this new registration page. I think removing the required asterisk from the email field and adding the phone number field is very confusing. We shouldn't be waiting for the user to fail before informing them that they need either an email address or phone number to register. I would recommend keeping the email field with the required asterisk since this is the main path for our users and then adding the ability to toggle to a phone number field if necessary. Here is what we discussed implementing earlier:
cadasta/accounts/forms.py
Outdated
current_phone_set = VerificationDevice.objects.filter( | ||
user=self.instance) | ||
if current_phone_set.exists(): | ||
current_phone_set.delete() |
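Review bot: the filter on `user=self.instance` alone, in the first line of this snippet, selects every VerificationDevice the user has, so the delete is not limited to the phone-verification device. The PR description says a user can hold up to two devices (phone verification and password reset), so either narrow the queryset to the device tied to the old phone or add a comment stating that removing both is intended.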
The tiniest of optimizations: We don't actually need to care if the `current_phone_set` exists or not when we issue the delete command, we could simply run `VerificationDevice.objects.filter(user=self.instance).delete()` or `self.instance.verificationdevice_set.all().delete()`.
cadasta/accounts/views/api.py
Outdated
if current_email != new_email: | ||
email_set = instance.emailaddress_set.all() | ||
if email_set.exists(): | ||
email_set.delete() |
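Review bot: `current_email != new_email` on the first line is an exact string comparison, so unless both values are normalised before this point, a change in letter case only would delete every EmailAddress row for the user. Comparing normalised values (for example lower-cased) would avoid treating what is effectively the same address as a change.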
Again, could simplify by just running `instance.emailaddress_set.all().delete()`
cadasta/accounts/views/api.py
Outdated
if current_phone != new_phone: | ||
phone_set = VerificationDevice.objects.filter(user=instance) | ||
if phone_set.exists(): | ||
phone_set.delete() |
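Review bot: this delete-on-phone-change block repeats the one shown for cadasta/accounts/forms.py, with only the variable names changed. A single helper called from both the form and the API view (for instance a method on the user model) would keep the two code paths from drifting apart.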
user.verificationdevice_set.all().delete()
@oliverroick has currently opened a PR to this branch, maybe he can do these changes in his PR.
* VerificationDevice model and Removal of 48hr email verification period (#1606)
* Registration with Phone number (#1662)
* Add phone to User Profile (#1698)
* Add Ansible provisioning for Twilio
* Allow user to login with phone and add Resend Token Page (#1708)
* Reset Password with Phone (#1717)
* Twilio Integration and More update notification (#1719)
* Add API endpoint for phone verification(2) (#1748)

* upgraded django-skivvy to 0.1.9
* Remove unnecessary lines of code

* Design improvements to Registration Form and Resend Token Form minor changes
* Design improvements in password reset page
* UI and Parsley changes
* fix bug minor changes
* Toggle phone js, UI fixes
* minor change to user dashboard
* change phone regex, add tests to check minimum phone length and add some other missed test cases add some other missed test cases in serializers
* changes addressed to the PR
* Error messaging updates
* Additional form pages and js
* add tests and code to handle invalid NumberParseException thrown by phonenumbers when invalid country code is entered

…ers (#1906)
* Remove option to switch between phone and email from form
* Remove option to switch between phone and email from serializer
* Add conditions to show/hide phone/email form fields
* Make either phone or email required
* Validate either phone or email is provided to serializer

* Catch invalid phone number in AccountRegister
* Catch invalid phone number in AccountProfile
* Catch invalid phone number in api.AccountUser
* Catch invalid phone number in api.AccountRegister
* Catch Twilio 500 errors
* Catch errors in ResendTokenView
* Catch errors in PasswordResetView
* Log Twilio 500-level errors with Opbeat
* Write opbeat tokens to expected env variables
This PR includes:
Proposed changes in this pull request
Add `phone` and `phone_verified` properties to the `User` model, and remove `verify_email_by` property. A user will not be given the grace period of 48 hours to verify their email address.
Add a new `VerificationDevice` model that will be used to generate and verify a token for phone verification. This new model uses `django-otp` module. Every token is valid for 60 minutes. This `VerificationDevice` is connected to the `User` via a ForeignKey.
`VerificationDevice` has 2 main purposes: i) Phone Verification and ii) Reset password with phone
Every `User` instance will have at most 2 `VerificationDevice` model linked to it. These `VerificationDevice` instances will be deleted once their purpose has been served, i.e. once a phone has been verified, the device used to verify the phone will be deleted.
Migration accounts/0010_phone_and_verification_device.py includes above mentioned changes to the models.
As soon as a user registers, a verification email and/or verification token will be sent to the user's email address and/or phone number. The user will then be redirected to an Account Verification page immediately after successful registration. On this page, the user will be asked to verify their phone/email in order to access their account. If the user had registered with a phone, the user will see a Token Verification form on the same page. The user enters the received token in the form, and if the token matches, the user's phone will be verified, else the user will see an error message.
Every time a user changes their existing phone number or adds a phone number to their profile, they will be redirected to the Account Verification page to verify their phone.
If the user does not receive any verification email/token, the user can click on here button placed at the bottom of Account Verification page to try again. This here button will redirect the user to a Resend Token page. Here user will see 2 forms, one form will take email and another phone. The user can enter their registered email/phone to receive a verification email/token.
Reset Password with Phone: On the password reset page, the user can see a new form which takes a phone. A user can enter their registered phone to reset the password with the phone. If the entered phone is linked to any user account, a verification token will be sent to the user, else not.
If user logs in with unverified email/phone or if user account status is inactive, instead of automatically sending an email verification link or a token, the user will be redirected to the Resend Token page. Here user will enter their registered email/phone to receive a verification link/token. If both phone and email linked to the user account are unverified, user account status will be set to inactive.
Add a `PhoneAuthenticationBackend` to allow user authentication with phone.
Add two new exceptions to `accounts/exceptions.py`: i) PhoneNotVerifiedError and ii) AccountInactiveError
As the name suggests, errors will be raised when phone and/or email is/are unverified. These errors will be raised by `AccountLoginSerializer`.
Also, modify existing `EmailNotVerifiedError` by initiating it with an error message.
Integrate Twilio services on the platform to send SMS to user's phone. To implement this, an `accounts/gateways.py` file has been added. 2 Gateways have been defined here: i) TwilioGateway and ii) FakeGateway
TwilioGateway will be used for staging/demo/production to send actual SMS via Twilio. FakeGateway will be used for development and Travis environment. The FakeGateway uses logger to print messages in the console.
Twilio Credentials have been added to Ansible config, thanks to @amplifi.
Many new update notifications have been added. Notification will be sent to phone/email linked to the user account when any new activity has been recorded. These notifications will be sent regardless of phone/email('s) verification status. Notifications will be sent in following cases:
Here's a link to the doc file. This document contains detail about every page, their functionality, required changes to the codebase and a list of required test cases for every page.
When should this PR be merged
Risks
Follow-up actions
`django-otp`, `phonenumbers` and `twilio`.
Checklist (for reviewing)
General
`migration` label if a new migration is added.
Functionality
Code
Tests
Security
Documentation
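
The token flow the PR description outlines (a token sent through a gateway, valid for 60 minutes, discarded once it has served its purpose), as an added sketch that is not the project's code and does not use `django-otp`. `PhoneToken`, `ConsoleGateway` and the five-attempt limit are assumptions made for illustration, and the phone number in any usage is constructed.

```python
import hmac
import logging
import secrets
import time

TOKEN_VALIDITY = 60 * 60  # seconds; the PR states every token is valid for 60 minutes
MAX_ATTEMPTS = 5          # assumption: the page does not state an attempt limit
log = logging.getLogger("sms")


class ConsoleGateway:
    """Hypothetical development gateway: records and logs instead of sending."""

    def __init__(self):
        self.sent = []

    def send_sms(self, to, body):
        self.sent.append((to, body))
        log.info("SMS to %s: %s", to, body)


class PhoneToken:
    """Hypothetical in-memory device holding one token for one phone number."""

    def __init__(self, phone, now=time.time):
        self.phone, self._now = phone, now
        self._token, self._issued, self._failures = None, 0.0, 0

    def generate(self, gateway):
        # CSPRNG-backed six-digit token; a new token replaces any earlier one.
        self._token = f"{secrets.randbelow(10**6):06d}"
        self._issued, self._failures = self._now(), 0
        gateway.send_sms(self.phone, f"Your verification token is {self._token}")

    def verify(self, candidate):
        if self._token is None or self._failures >= MAX_ATTEMPTS:
            return False  # nothing issued, already used, or locked out
        if self._now() - self._issued > TOKEN_VALIDITY:
            self._token = None  # expired: the user must request a new token
            return False
        # Constant-time comparison so timing does not reveal matching digits.
        if hmac.compare_digest(candidate.encode(), self._token.encode()):
            self._token = None  # single use, mirroring deletion of the device
            return True
        self._failures += 1
        return False
```

Passing `now` as a callable lets tests advance the clock past the 60-minute window without sleeping.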