invite user replace add user #18351

Description:

Just a note, I think this PR will be put on pause for now, currently is on the transaction from angular to VUE. Once the Vue implementation is finished, will convert it to VUE and fix the remaining task.

Add Two table column

• invite_status sent or null
• invite_at datetime

Using currently token from user_auth_token table. Resend invite will send a link to the user, clicking the link will mark the user active and land on the password setting page.

Email template:

Missing:

• UI Test
• Integration Test

Review

• [ ] Functional review done
• [ ] Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• [ ] Security review done
• [ ] Wording review done
• [ ] Code review done
• [ ] Tests were added if useful/possible
• [ ] Reviewed for breaking changes
• [ ] Developer changelog updated if needed
• [ ] Documentation added if needed
• [ ] Existing documentation updated if needed

@peterhashair I saw your questions in the email but they are removed in the comment here. I'll comment quick anyway

To addColumn to exiting database table. do I use `4.7.0-b1?

Likely yes, it depends when we merge it and whether by then maybe already a b1 has been released. Likely it will be -b1 though.

Introduce user status, currently depending on the invite_token field, just checking, do we want to introduce this field as an individual field not relied on invite_token. So it accepts pending, suspended, disabled, etc.

Not 100% sure. It really depends whether it's needed or not. It might not be needed as I think we delete a user if we withdraw the invite etc. We probably won't have a suspended. I'd say it's probably not needed, but it's hard to say without being too much into it.

Resend invites, after people send invites do we need a status said sent, and the next send can only be done after 15mins? Otherwise, it maybe adds a mail server to span?

Yes that be good 👍

@tsteur sorry to bother you, I am trying to implement integration tests, but it seems like the database missing the new field I happened to, do I need to add a install() function inside of UserManager other than 4.7.0-b1.php

@peterhashair you will also need to adjust the schema in https://github.com/matomo-org/matomo/blob/4.6.0-rc2/core/Db/Schema/Mysql.php#L47 which is used for new installs

@tsteur it seems like the tests still don't apply that database extends fixture on my local does not update the database. It's there a way I can manually run updates, I mean manually run 4.7.0-b1.php

@peterhashair you will also need to set the version number in the version class to 4.7.0-b1

Not sure if how we test the email templates on screenshot

the question I have for that one is are we missing an email Screenshot test, still thinking about how we implement this.

@peterhashair do you want to test what the email looks like? In that case we could create an integration test and check that the created email content matches the expected HTML or text content. And basically not have a visual test for the email content.

@tsteur that make more sense, Will do a HTML code comparison

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

What's needed here to move this PR along @peterhashair? Can you update and request review?

@justinvelluppillai nothing needed here, just code review :)

• In the Invite User UI before the "Invite" button can we show some text what will happen after clicking on the button? Like we can mention that the user will receive an email, that the user has X days to confirm this email. And we can also inform them they can reject an unaccepted invite by doing xyz? What else would be important?

• The email contains %s text
  

• Can we disable maybe the "Password" form field (maybe also in the API) until a user confirmed the invite? Currently a super user can set the password for a person who was invited but has not accepted anything yet. I checked it wasn't possible to log in but may be still good to prevent this?

• I'm not sure but it looks like I was automatically logged in if after accepting the invite without having to confirm the password. Possible that this was the case because the super user set a password on my behalf but doesn't look like it. I tested it with another user as well and I did not have to configure any password I was directly logged in and could click around in the UI and it counted as accepted.
  Instead it was accepted that we're showing the user a screen where the user confirms the invite, configures password, and also we need to make sure that they'll know what their login is. They won't be automatically logged in. If a privacy or terms or imprint URL is configured in general settings then they would need to agree to the configured terms and policy to confirm the invite. And if an Imprint URL is configured, then we would need to show this URL too but they would not need to agree to it. This could be shown at the bottom.

I stopped for now with reviewing as it looks like there may be still some bigger things left to do

@tsteur will do an update. :)

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.

@sgiehl that one is not ready yet :) , but will do a update

Just a note, I think this PR will be put on pause for now, currently is on the transaction from angular to VUE. Once the Vue implementation is finished, will transfer it to VUE and fix the remaining task.

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.

closing in favor of #18868