Just a note, I think this PR will be put on pause for now, currently is on the transaction from angular to VUE. Once the Vue implementation is finished, will convert it to VUE and fix the remaining task.
Add Two table column
invite_status
sent or nullinvite_at
datetimeUsing currently token from user_auth_token
table. Resend invite will send a link to the user, clicking the link will mark the user active and land on the password setting page.
Email template:
Missing:
@peterhashair I saw your questions in the email but they are removed in the comment here. I'll comment quick anyway
To addColumn to exiting database table. do I use `4.7.0-b1?
Likely yes, it depends when we merge it and whether by then maybe already a b1 has been released. Likely it will be -b1 though.
Introduce user status, currently depending on the invite_token field, just checking, do we want to introduce this field as an individual field not relied on invite_token. So it accepts pending, suspended, disabled, etc.
Not 100% sure. It really depends whether it's needed or not. It might not be needed as I think we delete a user if we withdraw the invite etc. We probably won't have a suspended. I'd say it's probably not needed, but it's hard to say without being too much into it.
Resend invites, after people send invites do we need a status said sent, and the next send can only be done after 15mins? Otherwise, it maybe adds a mail server to span?
Yes that be good 👍
@tsteur sorry to bother you, I am trying to implement integration tests, but it seems like the database missing the new field I happened to, do I need to add a install()
function inside of UserManager other than 4.7.0-b1.php
@peterhashair you will also need to adjust the schema in https://github.com/matomo-org/matomo/blob/4.6.0-rc2/core/Db/Schema/Mysql.php#L47 which is used for new installs
@tsteur it seems like the tests still don't apply that database extends fixture on my local does not update the database. It's there a way I can manually run updates, I mean manually run 4.7.0-b1.php
@peterhashair you will also need to set the version number in the version class to 4.7.0-b1
Not sure if how we test the email templates on screenshot
the question I have for that one is are we missing an email Screenshot test, still thinking about how we implement this.
@peterhashair do you want to test what the email looks like? In that case we could create an integration test and check that the created email content matches the expected HTML or text content. And basically not have a visual test for the email content.
@tsteur that make more sense, Will do a HTML code comparison
This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers
This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers
This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers
What's needed here to move this PR along @peterhashair? Can you update and request review?
@justinvelluppillai nothing needed here, just code review :)
The email contains %s
text
Can we disable maybe the "Password" form field (maybe also in the API) until a user confirmed the invite? Currently a super user can set the password for a person who was invited but has not accepted anything yet. I checked it wasn't possible to log in but may be still good to prevent this?
I'm not sure but it looks like I was automatically logged in if after accepting the invite without having to confirm the password. Possible that this was the case because the super user set a password on my behalf but doesn't look like it. I tested it with another user as well and I did not have to configure any password I was directly logged in and could click around in the UI and it counted as accepted.
Instead it was accepted that we're showing the user a screen where the user confirms the invite, configures password, and also we need to make sure that they'll know what their login is. They won't be automatically logged in. If a privacy or terms or imprint URL is configured in general settings then they would need to agree to the configured terms and policy to confirm the invite. And if an Imprint URL is configured, then we would need to show this URL too but they would not need to agree to it. This could be shown at the bottom.
I stopped for now with reviewing as it looks like there may be still some bigger things left to do
@tsteur will do an update. :)
If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.
@sgiehl that one is not ready yet :) , but will do a update
Just a note, I think this PR will be put on pause for now, currently is on the transaction from angular to VUE. Once the Vue implementation is finished, will transfer it to VUE and fix the remaining task.
If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.
closing in favor of #18868