rgsoc-teams icon indicating copy to clipboard operation
rgsoc-teams copied to clipboard

Published 20 hours ago verified publisher icon rails-girls-summer-of-code

User registration: ask user to provide email if it cannot be retrieved from Github

Open carpodaster opened this issue 6 years ago • 7 comments

Users can mark their email address private on their Github profile, making it unavailable for API clients like the one retrieving user data by github handle when a user registers in our site.

If the registration process cannot complete with a valid email address, redirect the user to a form and ask them to provide one.

Note: this may already be implement. Investigate first.

carpodaster avatar Apr 23 '18 19:04 carpodaster

I've done some research and come to some conclusions:

  1. You cannot Oauth on a fresh Github account without a verified email address: screen shot 2018-05-02 at 13 32 28

  2. Marking an email address as private still allows this to be imported by the Oauth app

  3. Creating a new account takes the new user to complete their profile.

Given this information, what do you think? I'd almost say that, given the above, we can leave it as is.

hola-soy-milk avatar May 02 '18 11:05 hola-soy-milk

Oh wow @ramonh 🙇

That's ace! Means the problem of not being able to retrieve an email address actually does not exist at all?

When and under which circumstances was this then originally reported @carpodaster ?

klappradla avatar May 02 '18 20:05 klappradla

Great find, Ramon! :male_detective:

Maybe it wasn't always the case? I'm pretty we've had reports by orga people that users on the Teams App hat their email address set to nil :man_shrugging: I'm closing this.

carpodaster avatar May 02 '18 21:05 carpodaster

When I start a new team, I can add team members that don't exist: partyppooper, or that have a hidden email address: Sandi Metz skmetz. In both cases we store a user with email address: nil

I know I did something like this for real, when I didn't know Roos yet and I wanted to see what the application form was like. So, it's not a hypothetical case. Do we (need to) get rid of the fake users?

emcoding avatar May 03 '18 12:05 emcoding

Ahh! Good point, @F3PiX. I overlooked adding team members. Maybe we should reopen this, huh?

hola-soy-milk avatar May 03 '18 13:05 hola-soy-milk

Well, I don't know by heart what happens when a user added by team members sign in with Gh the first time. (See conv in Slack, I am working on sketching the flow.) Maybe it is a different issue alltogether - related to cleaning up the database?

emcoding avatar May 03 '18 13:05 emcoding

Definitively reopen Reproduce:

  • Make yourself a team member on the website
  • Add a fake name, for a non existing user (like partypppooper)
  • On the teampage, click on the newly create team members name/github link. => 404 It is not a valid github name, but is added to our database and as a team member.

In console, check out User.last. See that non of the github fields are populated, except for the fake handle.

  • [ ] We use find_or_create_by_github_handle to create a new user. I'd like to investigate if we could change that to github_id, to catch invalid entries. TBD later, adding it to the list for #991

emcoding avatar May 16 '18 18:05 emcoding