Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Open concept lab/ocl issues#220: Detangle user account management from ocl_web and depend on ocl_api entirely #342

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Open concept lab/ocl issues#220: Detangle user account management from ocl_web and depend on ocl_api entirely #342

wants to merge 2 commits into from

Conversation

karuhanga
Copy link
Collaborator

@karuhanga karuhanga commented May 24, 2020
edited
Loading

Done:

  • Signup uses API entirely
  • Login uses API entirely

To do:

  • User profile page
  • e2e tests
  • Audit other uses of the User Model

Unknowns

  • Email verification
  • Password reset?

cc. @rkorytkowski

@karuhanga karuhanga marked this pull request as draft May 24, 2020 19:25
@karuhanga karuhanga added the WIP label May 24, 2020
@rkorytkowski
Copy link
Contributor

It looks good so far.

Could we configure oclapi to send verification e-mail upon user creation and provide a confirmation link to oclapi itself, which upon activating the account would simply redirect to oclweb? Oclweb would only show a static page with a message that the e-mail has been confirmed or that the activation link is not valid. The redirect link to oclweb can be hardcoded in oclapi (redirecting to the correct environment of course).

@karuhanga
Copy link
Collaborator Author

karuhanga commented May 26, 2020
edited
Loading

It looks good so far.

Could we configure oclapi to send verification e-mail upon user creation and provide a confirmation link to oclapi itself, which upon activating the account would simply redirect to oclweb? Oclweb would only show a static page with a message that the e-mail has been confirmed or that the activation link is not valid. The redirect link to oclweb can be hardcoded in oclapi (redirecting to the correct environment of course).

I'd shot you a quick email on this;

  • The approach I was taking here was to create the user but keep them inactive until they activate the email. Do you think it would be better to keep this functionality in the API instead of this side?
  • Throwing this out there as well: I could also see us encrypting the signup info and sending it as part of the activation email, that way we don't have to create the user until they've confirmed the email

As a side note, I am dropping this approach because the work that will go into making all-auth work with the custom email confirmation is greater than just rolling our own.

@rkorytkowski
Copy link
Contributor

Yes, I think all logic including activation should be done by oclapi.

I would follow the usual process of creating an inactive account and confirming via e-mail.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
WIP
Projects
None yet
Milestone
No milestone
2 participants
@karuhanga @rkorytkowski