Request for feedback on invite code feature #194
Request for feedback on invite code feature #194
Conversation
Yay! ✨ I'm really busy right now ⌚ ... but i'll make sure to go through it in the coming days. Happy to see the build is green 💚. |
Okay! If you like we can split it up into smaller chunks? Maybe that's better? :) |
Hey @ayajaff, If that's difficult then we can go through the whole pull request at once. |
@@ -40,3 +40,6 @@ config/customization/* | |||
config/transifex.netrc | |||
!config/provider/.gitkeep | |||
!config/customization/.gitkeep | |||
|
|||
# ignore IDE configuration | |||
.idea/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What IDE is this for?
Maybe this would better fit into a global gitignore on your machine?
If not it might be a minimal pull request on it's own as it's independent of the rest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's for RubyMine.
True, we actual did add that to our global gitignore, so it doesn't really need to be here.
(Now we just have to find out how to remove it. :) )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I bet there are a lot of different ways.
First you might need to know which commit changed it...
Then you can use an interactive rebase and edit the commit in question. Or you could add a new commit and then squash it with the old commit in an interactive rebase.
git log -1 .gitignore
git rebase -i
df255c7
to
5919cc9
Compare
5919cc9
to
599f455
Compare
We updated the pull request:
Sorry for the slight confusion of the broken build, I accidentally missed a commit. |
class InviteCodeValidator < ActiveModel::Validator | ||
def validate(user) | ||
|
||
user_invite_code = InviteCode.find_by_invite_code user.invite_code |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had another look at the issue where find_by_invite_code(nil)
returning the first record in the table. Turns out this was a couchrest model bug. Luckily it's fixed in the new version. #195 will fix this for leap_web.
So we can safely rely on this to not return an invite code even if the user somehow manages to make user.invite_code return nil. 😅
As I already said in Hamburg, I am very happy with the approach. You are aware of the missing parts yourself. So I have nothing to add in terms of the big picture. This leaves different possibility for using the counter. We can decide upon that later. 🍹 Code also looks good to me. I will add a bunch of comments and questions about small things I noticed. They are meant as style suggestions. I'm not sure i follow them myself all the time 😉 |
timestamps! | ||
|
||
design do | ||
view :by__id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
interesting. are we using this anywhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not anymore - we briefly played with the idea to use the id as the invite code but it didn't seem practical (for starters, printed out and then copied down, it wasn't as user-friendly as the coupon code we generate now).
Should we remove it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Please remove it. It's a quick change and it takes much longer to figure out why this is there later on.
599f455
to
ca755c0
Compare
ca755c0
to
7d98221
Compare
As of 3c13802, we saw sign up working with invite codes as well as without. We will apply more testing locally as well as running within the platform tomorrow. Since this is the last week of RGSoC for @ayajaff, we would like to get towards a merge soon given there are no concerns.. @azul Please let us if anything's missing functionally in order to integrate |
…ve a valid user for the tests again
Remove the change password test because the change password functionality is currently unused - however, it breaks with the new invite code field in the signup form.
We introduced a count on invite codes to make sure that (at the moment) codes can only be used once. (The code will also allow multi-use codes in the future.) Also, some of our validations weren't validating against the correct data, which is now fixed.
Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup. The default setting is false.
3c13802
to
9adbde1
Compare
Added the necessary labels to allow the localization of the signup form and the labels to users.en.yml for localization
Request for feedback on invite code feature
I also have been sick lately, so I never got around to reading this PR. I am happy it is merged, although I would like to suggest some changes for the future: (1) Remove the
or
The first requires the gem (2) instead of making InviteCode have a "count" property, how about a "uses_remaining" property? This way, in the future, to support invite codes with multiple uses we just change the initial value to be something greater than 1. (3) It has been useful for riseup.net to store the invite code that is used by a user, in order to shut down spammers. For privacy reasons, however, LEAP probably doesn't want to force providers to keep this information around permanently. How about a rake task that removes the invite_code from all users that were created longer than 3 months ago? |
@elijh Thank you for your comments! Re: 1 - Understood about not depending on another gem. One thing I liked about the coupon code gem was the code format, which is easier to read and copy off paper for a human than a non-formatted string. This may be helpful should any providers print out codes and hand them off to new users? Re: 2 - Yes, we were wondering about the best way to implement this. |
I’d say that if we implement this in the near future, is safe enough to assume that only pixelated’s wazokazi provider will have invite codes stored that use the old way |
Base64.encode64(SecureRandom.random_bytes).downcase.gsub(/[0oil1+_/]/,'')[0..7].scan(/..../).join('-') => "myk9-qjdb" We may want the length configurable in the future, but I think anything longer than 8 characters is unnecessary. |
Yes, I think that is better than uses_remaining. I retract what I said. |
Great, I implemented the maximum uses today (here). I'll send a pull request on Monday and then look at the other tasks. |
This version ships with improvements implemented during rails girls summer of code 2015 (in no particular order): * Providers now can require invite codes * Admins can disable and enable users * Payments and subscriptions are possible Thanks heaps to @ankonym, Aya, @claucece and @EvyW. Also thanks a lot to rails girls summer of code and thoughtworks for the organization and coaching. We also include a bunch of smaller bugfixes. For details see the list below: Bugfixes to prepare for 0.8.0 release: * upgrade: couchrest_session_store to 0.3.1 * remove outdated couchrest hack * allow monitor auth to create users even if invites are normally required. * disable per-user message tests (since this feature currently disabled) * api: added super simple motd, closes #7866 Add api support for admin authentication tokens: * api: return proper 404 for GET /1/identities/:id.json * api: added json error pages, allow "." in the :id param of all api routes * api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users. * api: added allow ability to limit what IPs can access api using a static configured auth token. * api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x" * api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring. Upgrade to latest rails 3.2: * upgrade: downgrade rake to 10.x * upgrade: use latest rails 3.2 version Smaller fixes: * Handle conflict on token cleanup - fixes #7670 * updated changes file * added travis build status to readme * allow user accounts to be re-enabled, and for associated identities to also get re-enabled. * use RUBY_VERSION instead of :platform for Gemfile (since jessie has a really old bundler) * disable failing cucumber test (leap_web is doing the right thing, the test is just weird). * internet says that bundler on travis might be what is causing test fail, so force install the lastest one. * remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690 * vendor certificate_authority, because travis does not like pulling it from github. * travis ci does not support :platform => :ruby_22, so remove for now. * enable byebug for tests * change the default of config.assets.debug for development env. * fix ticket display bug * retain locale in URL when logging in and signing up, and ajax actions in general. Admin UI overhaul: * added UI for invite codes * added caution tape img. * highlight admin areas with caution tape (wip) * fix user list Generate Invite Codes without code_coupon gem: * Cleaned up last traces of the Great Git Mess * Remove Coupon Code gem and make invite code = id * Replace Coupon Code gem for invite code creation * Remove Coupon Code gem and make invite code = id * Remove Coupon Code gem from Gemfile * Replace Coupon Code gem for invite code creation * Fix the InviteCode initialize method so leap_web tests stay green * Adjust the rake task to make id = invite code * set rbenv pin to 2.1.5 Pull request leapcode#204 from pixelated/fix_payment_check * [bug] Only show donation if payment present Payment and Subscriptions (Pull request leapcode#198 from claucece/develop): * Reverting submodule update * updated version of fakebraintree * changed capybara time * fixed gem file * add test to payments and subscriptions * deleted comment * questions added * readme * updated readme * add a comment regarding home * update to haml, created translations, deleted files * add subscriptions * add subs_index and start show * changed routes and links * subscriptions, translation * subscriptions, haml and translations * added customers, recurring payment and payment_info * just played a little * correctly set up comments * added payment_info, _customer_form, sucess instances * Donation button * add donate button, bitcoin, payment_method * implemented the form and the generate Enable/Disable users as admin (Pull request leapcode#196 from EvyW/develop): * identing 2 * Identing first line * with out identing * Translation changes * changes style sheets * index changes * commit user haml * Update leap.scss * test users_controller_test * fixing translations * spanish translations for user actions * adding ability to disable/enable users by admin Allow invites for multiple people: (Pull request leapcode#201 from Alster-Hamburgers/multi-invite) * Adjusted the rake task with comments by @azul * Small code cleanup in the rake task * Cleaned up invite code output for platform tests * Adjust rake task with renamed max_uses * Integrated feedback on multi-invite codes * Update rake task to allow generation of multi-use invites * Allow multi-use invite codes Pull request leapcode#200 from Alster-Hamburgers/localization * Add the localization keys for invite_code and password confirmation Require invite codes for signup based on config setting: (Pull request leapcode#194 from Alster-Hamburgers/feature/invite_code) * Add localization labels to signup form and user.en.yml * Make invite code configurable * Cleaned up code in invite_code_validator.rb * Removed the view_by__id from invite code test * Fixed the signup bug that wrongly consumes the invite code. * Fix cucumber tests by passing valid invite code * Fix the remaining failures/errors in our tests * Fix three unit tests by passing Factory Girl a valid invite code * Fix several test failures by stubbing invite code validation * Separate user and invite code validator tests * Fixes for the invite code validator * Make sure codes can only be used once, fix validations * Add rake task for invite code batch generation * assign random invite code when creating new invite codes * Remove change password browser test * Fix test based on actual invite code validation * Changed invite code query to look for invite_code string instead of id * Add validation of invite code in user object based on codes in couch db * Add invite code model * Added an 'invite code' to all the tests for the sign-up form so we have a valid user for the tests again * Update submodule srp to 9e1a41733 * Move account form info from srp_js into leap_web * Adding invite code field to signup with validation for hardcoded invite code * Disable CSRF token verification on ticket creation. Fix issues found during start of rails girls summer of code: * couchrest_model 2.0.1 fixes find_by_sth(nil) * Update README with docs from website & instructions on local DB * Bump therubyracer to 0.12.2 * improved README.md * do not include random cruft in the common name of smtp client certificates
Hey @elijh and @azul!
We're Aya and Anke from the Rails Girls Summer of Code and we've been working on the invite code feature for the past few weeks. We wanted to let you know what we've done so far and see if you're happy with the invite code feature as it is. We don't expect you to merge our changes yet because one important feature is still missing (as discussed with Azul).
Here is a list of the changes we made:
What's missing:
Here's a link to our github issues where we track what we're working on:
https://github.com/Alster-Hamburgers/leap_web/issues
Please let us know how you like it and if you have any feedback. We still have a few more weeks left to work on the missing features and implement changes.
Best,
Anke and Aya