New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
invite user replace add user #18868
invite user replace add user #18868
Conversation
draft vue version
update some functions
update wording
move some validation
update some structure
update validators
update some changes
update invite
@sgiehl I got a question for the structure, is that ok for me to move some of the |
add status
If private API methods could be reused somewhere else, it makes sense to move them to another class. |
add invite page
add invite page
add some api back
update tests
update all xml in the tests
update tests
update tests
update tests
update tests
update tests
# Conflicts: # plugins/Login/Controller.php
update tests
update tests
update tests
update tests
update tests
update tests
update lang
update some errors
update screenshots
update ui tests and resend invitation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@peterhashair Looking good overall 👍
I noticed a couple of issues:
The Resend Invite
action shows for all users even if they haven't been invited, this could be confusing and an error is shown when attempting to reinvite existing users. It would be good to hide Resend Invite
if the user hasn't been invited.
After creating an invite for a new user, following the accept link and entering a new password an error is shown:
This happens when already logged in as one user who creates the invite, then the accept link is opened in the same browser. Probably not a common scenario but it could happen, especially when testing.
@bx80 fixed it. |
update screenshots
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The resend invite action is only showing when an invite has been sent 👍
The defaultReportDate
was due to an out of date plugin I had installed - no issue once the plugin was deactivated 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here would have really a lot changes been required before I would have considered this PR as mergeable.
The most important ones are:
- Using a token_auth as invite token is kind of a security problem, as it allows using the API without even accepting the invite
- The tests are not covering the whole process. It's nice that all screens are covered by a UI test, but it would also be important to really click the
accept
ordecline
button and see what happens afterwards. Not having tests for that has the risk, that this might regress in the future and we won't see that. - The user experience of this new feature is quite bad, as in a lot places the success notifications are missing and the users doesn't see if his action actually worked or not.
SomeMost of the requirements of the original issue aren't fulfilled. To mention some important ones of the list here: Invite new users in Matomo, rather than creating them directly #13321 (comment)- Activity log should recognise "invite user" and "invite user accepted".
--> see comments about missing / changed events - A user can also decline the invite in which case the person that created the invite is being notified by email and we remove the user entry to have no personal data in there. (we might need to store in the user table who invited the user, if that user login no longer exists then we don't notify anyone)
--> currently the user remains in the database - When a user clicks on accept invite, they enter their password. If privacy policy or terms is configured, then we show these links. We say eg if privacy policy is configured: By signing up, I accept the Privacy Policy. If terms is configured we say it similarly for terms. If both are configured then we mention both.
--> currently there is always Terms & Conditions displayed. - In addition the UI currently doesn't allow to see when a invite expire, nor is it possible to show all invited users (e.g. by a filter).
- Invited users can be seen by super users, and the person that invited that user.
--> currently everyone who has permission can see the user, as invites are created as a normal users.
- Activity log should recognise "invite user" and "invite user accepted".
Thanks for that @sgiehl, you are right - there are several issues here that should have been caught during review and will need to be addressed with a fix PR. With the auth token issue, what do you think about adding a boolean flag |
@bx80 using the token auth table for that might not have been the best choice, as it will require to change all the existing code, that by default when checking for tokens it will need to ignore such special tokens. Personally I might have added two fields to the user table. |
@sgiehl that makes sense, I will rework the table structure on that one. |
Description:
fixes: #13321
Since we move UsersManager to VUE. Redo the entire PR in the VUE version and fixes the remaining comments
This PR is VUE version of #18351
This probably needs docs for it, still working on the docs, not sure we want people inject their only term & condition on the set password page.
Changes
add one table column
Review