@mattab opened this Issue on August 20th 2018 Member

The goal is to change the way Matomo creates new users (ie. team members), by introducing an Invitation system. Instead of directly creating accounts for people, a Super User (or a user with Admin access) would invite a new person to join the Matomo platform, and they have to then accept the invitation (click a button in the invitation email, within a period of up to 4 weeks or so.). When accepting the invitation they can set their secure password.

The invitation solution is used in products like Github and Slack. Let us look at how they do it and get inspired?

Notes:

  • For flexibility reasons, the API should allow bypassing the invitation process, and directly force-create a new valid user.
    • For API BC reasons, should we keep the default behavior as "no invite" or do we switch to invite by default?
  • Initially we thought of having a Wordpress-like email notification system in https://github.com/matomo-org/matomo/issues/12797 but then realised it's better to always invite people so they can agree to Terms & conditions, for example.
  • more feedback?
@fdellwing commented on August 20th 2018 Contributor

Take a look at https://github.com/opf/openproject, it has such a system (a good one in my opinion) and is completely open source.

@tsteur commented on November 10th 2021 Member

Here already a few notes:

  • In UI "Add new user" button becomes "Invite a new user".
    • Password field removed.
    • Username field stays. Why? Because it won't be easy to configure that user without username in Matomo as it's the ID.
  • New API for "invite user". Old "addUser" we still keep for BC and possibly also beyond that
  • Activity log should recognise "invite user" and "invite user accepted".
  • Need a UI to "manage invitations"
    • remove a pending invite.
    • resend a pending invite
    • see when it expires
    • see a list of all invited people
    • We show this as part of the "Manage users" screen above the list of regular users below the "invite a new user" button.
  • Have eg a new column in user table "invite_token" and "invite_expire". The token be hashed in the DB and not in plain text. Could use eg password_hash for example. By default, the invite is valid for 7 days. This needs to be configurable using the API parameter and as a configuration option.
  • While user is being invited, a super user or admin can already configure access to sites for that invited user
  • The invited user receives an email with a button to accept the invite.
    • Then the screen shows up to sign up where a user enters password etc see below
    • A user can also decline the invite in which case the person that created the invite is being notified by email and we remove the user entry to have no personal data in there. (we might need to store in the user table who invited the user, if that user login no longer exists then we don't notify anyone)
    • If the invite is expired, then we also remove the user from the DB and send an email to the person that created that user
  • When a user clicks on accept invite, they enter their password. If privacy policy or terms is configured, then we show these links. We say eg if privacy policy is configured: By signing up, I accept the Privacy Policy. If terms is configured we say it similarly for terms. If both are configured then we mention both.
    • FYI Later we will post some event to hook into the invite screen so we can ask more questions like their role etc.
  • How do we signal in "Manage users" screen that we're waiting for invite to be accepted? Maybe we don't list them there and permissions need to be edited in the "manage invitations" screen?
  • Invited users can be seen by super users, and the person that invited that user.
  • An invited user that hasn't accepted the invite yet, the invite can be removed by these super users or the person that invited the user.
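An added sketch (not Matomo's code) of the token handling proposed above: a random token goes into the email link, only its password_hash() digest is stored in an `invite_token` column next to `invite_expire`, the default validity is 7 days and can be overridden per call, and an expired invite drops the placeholder user as described. The in-memory `$users` array standing in for the users table is an assumption.

```php
<?php
// Added illustration of the invite-token design from the thread; the $users array
// is a stand-in for the real users table and is an assumption of this example.

const DEFAULT_INVITE_DAYS = 7;

/** Stand-in for the users table: login => ['invite_token' => hash, 'invite_expire' => unix ts]. */
$users = [];

/** Creates a pending invite and returns the plaintext token to embed in the email link. */
function createInvite(array &$users, string $login, int $validDays = DEFAULT_INVITE_DAYS): string
{
    $token = bin2hex(random_bytes(32));          // 256-bit random token, never stored as-is
    $users[$login] = [
        'invite_token'  => password_hash($token, PASSWORD_DEFAULT), // salted, slow hash
        'invite_expire' => time() + $validDays * 86400,
    ];
    return $token;
}

/**
 * Validates an accept-invite link. Returns true only if the login has a pending
 * invite, it has not expired, and the presented token matches the stored hash.
 */
function acceptInvite(array &$users, string $login, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    if (!isset($users[$login]['invite_token'])) {
        return false;                            // no pending invite (or already accepted)
    }
    if ($now > $users[$login]['invite_expire']) {
        unset($users[$login]);                   // expired: remove the placeholder user
        return false;                            // (notifying the inviter is left out here)
    }
    if (!password_verify($token, $users[$login]['invite_token'])) {
        return false;                            // wrong token; password_verify is constant-time
    }
    // Accepted: clear the invite columns so the link cannot be reused.
    $users[$login]['invite_token']  = null;
    $users[$login]['invite_expire'] = null;
    return true;
}

// Usage: the token is mailed to the invitee; the link handler calls acceptInvite().
$token = createInvite($users, 'new.user', 7);
var_dump(acceptInvite($users, 'new.user', $token));   // first use succeeds
var_dump(acceptInvite($users, 'new.user', $token));   // second use is rejected
```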
@peterhashair commented on November 18th 2021 Contributor

@tsteur @mattab I got it working on my local, just doing a final tidy up. Also checking the interface before I push my PR. I add a status filter and status into the user table column, which shows the active or pending users. Maybe we need another action button that they can resend the invite again. Currently, I set the token to expire in 3 days. Let me know if we want to make a different tab just for invite users.


@tsteur commented on November 18th 2021 Member

@peterhashair Be good to add a new action for resending the invite 👍

> Currently, I set the token to expire in 3 days.

See above. By default, the invite is valid for 7 days. This needs to be configurable using the API parameter (when inviting a specific user) and as a configuration option for overall default time.

> Let me know if we want to make a different tab just for invite users.

Looks pretty good like above so far on the screenshot but haven't checked it out yet in the actual UI. I think we might not need a different tab for it.
