Send mail on organization creation #200

Closed
opened 2 months ago by lino · 4 comments
lino commented 2 months ago
Owner

As an organization I want to get an email, when my entry is created, so that I know about that and can check the content.

The mail should contain:

  • Information about the entry
  • Link to reject it (if organization does not want to be listed)
  • Link to verify it
  • Link to create an account (automatically verifies it)

The flow should be:

CASE A

  1. Unauthenticated user creates an organization without an account request
  2. Administrator approves the new organization
  3. Automated mail is sent to the organization

CASE B

  1. Administrator creates an organization
  2. Automated mail is sent to the organization

The mail address from the contact information of the organization is used. If this does not exist or if there is an error response, the administrator should be informed.

lino added this to the Puplication Phase-1 milestone 2 months ago
lino added the feature label 2 months ago
lino added this to the Development project 2 months ago
overflw self-assigned this 2 months ago
Owner

Some thoughts on the matter:

  • Do we really need a framework like JWT, or wouldn't it be enough to simply store a one-time usable secret with an organization when it is created without an associated user account? And then use the secret in an emailed link to create an account connected to that organization?
  • What are the benefits of JWT for our use case? JWT is verifiable as it is signed with our private key - but in which scenario is this valuable for us?
  • Should we go stateless?
  • There are also other libraries doing similar things:
    https://github.com/aaugustin/django-sesame
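
The stored one-time secret weighed against JWT in the comment above, sketched as an added example that is not part of the original thread or the project's code. The `Organization` dataclass, its `claim_digest`, `claim_expires_at` and `owner` fields, the URL path and the seven-day lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL_SECONDS = 7 * 24 * 3600  # assumed link lifetime


@dataclass
class Organization:  # hypothetical stand-in for the project's model
    name: str
    contact_email: str
    claim_digest: Optional[str] = None  # only a hash of the secret is stored
    claim_expires_at: float = 0.0
    owner: Optional[str] = None


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_claim_link(org: Organization, base_url: str, now: Optional[float] = None) -> str:
    """Create a fresh secret, store its hash, return the link to e-mail."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    org.claim_digest = _digest(token)  # a database leak does not reveal the link
    org.claim_expires_at = now + TOKEN_TTL_SECONDS
    return f"{base_url}/organizations/claim/{token}"  # hypothetical route


def redeem_claim(org: Organization, token: str, username: str,
                 now: Optional[float] = None) -> bool:
    """Attach `username` as owner if the token is valid, unexpired and unused."""
    now = time.time() if now is None else now
    stored = org.claim_digest
    if stored is None or now > org.claim_expires_at:
        return False
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(stored, _digest(token)):
        return False
    org.claim_digest = None  # consume: the link works exactly once
    org.owner = username
    return True
```

Because the state lives in the database, reissuing the link to a different address later only requires calling `issue_claim_link` again, which also invalidates the previous link.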
Owner

The easiest way seems to be just using the password reset link generation function from django!
https://docs.djangoproject.com/en/4.1/topics/auth/default/#django.contrib.auth.views.PasswordResetView

For this to function an (active) account must exist already with a temporary password.

There is also a password reset form already included:
https://docs.djangoproject.com/en/4.1/topics/auth/default/#django.contrib.auth.forms.PasswordResetForm

The trouble with this approach is that the required pre-existing user account needs an email address which is used to send the pw-reset link to. And we might need to be able to send the reset link to an arbitrary address at a later point.

What we need is a link to create an account for a certain organization.
This guide can help with this:
https://simpleisbetterthancomplex.com/tutorial/2017/02/18/how-to-create-user-sign-up-view.html#sign-up-with-confirmation-mail

Owner

At the moment we have no information on which account that is assigned to an organization is the actual organization's account.
Maybe we should add a field to the organization model similar to 'creator' but named e.g. 'organization_account' or 'owner'. This is central to the 'verified' logic.

Owner

Or should we just keep it simple and allow any assigned account to add the verified checkmark but not do any automation there?

overflw referenced this issue from a commit 2 months ago
overflw closed this issue 2 months ago
lino removed this from the Development project 2 months ago
Reference: radarini/radarini#200