Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

mismatch of PP/TOS text and button text ('next' vs. 'sign in') #1240

Closed
jrgm opened this Issue · 13 comments

7 participants

@jrgm
Collaborator

1) Go to beta.myfavoritebeer.org and click signin
2) click 'This is not me' if signed in
3) Enter either the email of an existing user or something new (adsfiowerui@example.com)

The text says "By clicking next ...", but the button is either 'sign in' or 'verify email'

img

@ozten ozten was assigned
@skinny97214 skinny97214 was assigned
@lloyd

@skinny97214 will give us a chart, @ozten will do a first pass, after we change the world we will do another pass.

@skinny97214
Owner

Only show on screens where the button is the last click. It shouldn't show next to the [next] button.

@jbonacci
Collaborator

Closing as a duplicate of meta issue #1303.

@jbonacci jbonacci closed this
@jbonacci jbonacci reopened this
@jbonacci
Collaborator

Still an issue for the password section of an initial sign-in:
By clicking next, you confirm that you accept this site's Terms of Use and Privacy Policy.
Where the current button is "sign in"

STRs:
Open beta.myfavoritebeer.org
Sign in for the first time with an email from a known account
Click Next
Note the password field is now blank/showing.
Note the above text is showing also.

We should be saying this:
By clicking Sign In, you confirm that you accept this site's Terms of Use and Privacy Policy.

In the second case (you are already signed into an account and you click "This is not me..."):
I see the same result.

So this specific issue is still not fixed.
Once it is fixed, we will need a separate issue opened to get the localizers to update their translations (if appropriate).

@shane-tomlinson
Collaborator

@skinny97214 - there is a problem with only showing the tos/pp message only at the last click. If the user is logged in to their primary whenever they initially enter their email address into the email field, no "next" button is shown.

A second source of weirdness is when a user goes to add an email to an existing account. More on this to follow.

User signing in/up to BrowserID:

 primary is an address supported by a Primary IdP.
 secondary is an address that must be verified using BrowserID as the secondary authority.

* Email is already registered with BrowserID:
       - primary, user not logged in with IdP - show at the "next" button.
       - primary, user logged in with IdP - No "next" button is ever shown.
       - secondary - show when the password field and "sign in" buttons are shown.
* Email is not registered with BrowserID (new user):
       - primary, user not logged in with IdP - show at the "next" button.
       - primary, user logged in with IdP - No "next" button is ever shown.
       - secondary - show when the "verify email" button is shown.

If the user is signed in to BrowserID:

* at the email picker.

Add Email Screen - If new email is:

* secondary - verification screen is shown without a second button being displayed.
* primary, user is signed in with IdP - email is added without a second button being displayed.
* primary, user is not signed in with IdP - show with the "verify" button.

As you can see, with the add email flow, two of the 3 flows do not display a second button, and one does. We only know which of the three states the user will be in once the user clicks the first button. Should we add button clicks or show the tos/pp statement for all 3?

@skinny97214
Owner

Ok, we can show it on the first sign-in screen next to [next]

... IFF we reduce when users see this. It shouldn't show if their local storage indicates they've already acknowledged the TOS. Nice to have: It also shouldn't appear if they site indicates to us the user already has an account.

@shane-tomlinson
Collaborator

From Jishnu:

  1. on the first screen, when the user has not indicated email address at all, remove the TOS/PP string - no need to have it here.

  2. Once a user has indicated a valid browserID email and the password form shows up, then put in the TOS/PP string for tosfix.myfavoritebeer.org. But consider changing it to "By clicking next, you confirm that you accept tosfix.myfavoritebeer.org's Terms of Use and Privacy Policy." to make it extra clear that it's not BrowserID's TOU/PP they are assenting to.

  3. If the email address is new, then after "Welcome to BrowserID! This email looks new, so let's get you set up." put "By clicking next, you confirm that you accept BrowserID's Terms of Use and Privacy Policy." and link to the BrowserID TOU/PP.

@jishnu

Hiya -

Just to clarify - my comments were trying to differentiate between the Persona TOU/PP (soon to be revamped) which users need to agree to when creating a Persona account vs the site to which they are logging in to's TOU/PP. I def think each should only be shown right before the user assents to the appropriate interaction (sign-up/sign-in to site) and not multiple times as that would be even more confusing.

If there are any ideas on how to differentiate the two of these use cases more fully that would be awesome to hear.

@shane-tomlinson
Collaborator

I am proposing a hybrid approach which combines both Jishnu's and Skinny's proposals to be both unobtrusive and provide a large area of coverage.

From my understanding, we need two sections of TOS/PP - one for the RP, and one for BrowserID. The BrowserID TOS/PP only needs shown to new users. Users who are already authenticated only need to see the RPs TOS/PP.

Proposal:
1) If the user is not signed in to BrowserID:
* show both BrowserID and RP TOS/PPs only when the user is typing in their email address.
2) If the user is signed in to BrowserID and this is the first time the user is visiting a site:
* show the RP's TOS/PP under the list of email addresses
* show the RP's TOS/PP in the "add email address" before the user clicks "next"
3) If the user is signed in to BrowserID but they have visited the site before:
* Do not show any TOS/PP

@shane-tomlinson shane-tomlinson referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@shane-tomlinson shane-tomlinson referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@shane-tomlinson shane-tomlinson referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@shane-tomlinson shane-tomlinson referenced this issue from a commit
@shane-tomlinson shane-tomlinson TOS/PP updates to only show TOS/PP where needed.
Show the BrowserID and RP TOS/PP at the correct time with the correct text.

* BID TOS/PP is only displayed to new users.
* RP TOS/PP is only displayed to new users, or users who have not been to a site before.

Details:
* Bring over rp_info.js from another branch. Module charged with displaying RP related info.
* In authenticate, add_email, and pick_email controllers, trigger message to update "next" button text to be correct for the particular screen.
* To dom-jquery, add hide and show functions.

Call controllers that need to display the TOS/PP info with siteTOSPP parameter.  This reduces the amount of data that needs to be passed around.

issue #1240
c62508c
@shane-tomlinson shane-tomlinson referenced this issue from a commit
@shane-tomlinson shane-tomlinson TOS/PP rebase with dev, cleanup
* Rename tosURL/privacyURL to termsOfService and privacyPolicy universally.
* Clean up styles as Skinny suggests.
* Remove dead code from pick_email.js

issue #1240
c88896d
@shane-tomlinson shane-tomlinson referenced this issue from a commit
@shane-tomlinson shane-tomlinson TOS/PP updates to only show TOS/PP where needed.
Show the BrowserID and RP TOS/PP at the correct time with the correct text.

* BID TOS/PP is only displayed to new users.
* RP TOS/PP is only displayed to new users, or users who have not been to a site before.

Details:
* Bring over rp_info.js from another branch. Module charged with displaying RP related info.
* In authenticate, add_email, and pick_email controllers, trigger message to update "next" button text to be correct for the particular screen.
* To dom-jquery, add hide and show functions.

Call controllers that need to display the TOS/PP info with siteTOSPP parameter.  This reduces the amount of data that needs to be passed around.

issue #1240
54f9cbf
@shane-tomlinson shane-tomlinson referenced this issue from a commit
@shane-tomlinson shane-tomlinson TOS/PP rebase with dev, cleanup
* Rename tosURL/privacyURL to termsOfService and privacyPolicy universally.
* Clean up styles as Skinny suggests.
* Remove dead code from pick_email.js

issue #1240
7b0184d
@shane-tomlinson
Collaborator

Once the TOS/PP changes are merged, this will no longer be an issue as the text has changed to "By proceeding"

@shane-tomlinson
Collaborator

It just got MERGED. closing.

@jbonacci
Collaborator

Finally! QA will pick this up on the next train (first train of July)...

@jbonacci
Collaborator

I think the new text really solves many of my old complaints about this:
"By proceeding, you agree to Persona's Terms and Privacy Policy. "
vs. use of "Next" and "Sign In" in the text.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.