Opened 13 years ago

Last modified 13 years ago

#43 closed defect (FIXED)

More useful errors for users who have registered but not verified their email

Reported by: Christopher Allan Webber Owned by:
Priority: minor Milestone: 0.0.2
Component: Keywords:
Cc: Parent Tickets:

Description

We should somehow warn users that they need to verify their email
before they can do anything.

We could do one of a few things:


-  When we redirect to login on pages that require an active user,
   include a GET parameter on the redirect to /auth/login/ like
   /auth/login/?needs\_verify\_email=true and display a warning that
   the reason that the user wasn't able to do something was because
   they need to verify their email
-  Put some text like "not verified" after the user's login name on
   each page?

In addition we should provide a means to resend the verification
email if it borked the first time, and maybe link to that.



Change History (8)

comment:1 by Aaron Williamson, 13 years ago

Django has a "messaging framework" that makes it easy to queue user
messages for later deliver. A similar system would be very useful
here: you'd stick the message "You have to verify your account to
view /foo/bar/" into the user's message queue in the view at
/foo/bar/ and then you'd pop the message off the stack at the
/auth/login/ view and display it to the user. (Or the base template
would display all unreviewed messages at every opportunity.)

I don't know if there's a general purpose user messaging framework
similar to Django's. One direction for exploration is RabbitMQ. At
its most basic, RabbitMQ can behave like a simple
`message delivery system <http://www.rabbitmq.com/tutorials/tutorial-one-python.html>`_.
It's actually much much more than a place for storing user
messages, though -- it's a robust task-queueing system. In that
sense it's a very heavyweight solution to the problem. But its
other uses may make it a valuable piece of infrastructure -- for
example, it could be used to queue media-conversion tasks to pass
to celeryd,
`like so <http://webcookies.org/2009/09/10/rabbitmq-celery-and-django/>`_.

Admittedly, I've never worked with RabbitMQ at all, so I may be
missing something that makes this a terrible suggestion.



comment:2 by Christopher Allan Webber, 13 years ago

Okay, so yes, a messaging system is sounding like a better and
better idea.



comment:3 by Aleksandar Micovic, 13 years ago

Okay, so there were about 3 of us on IRC who liked the idea of a
messaging system, but I didn't really get a feeling that there was
a concrete way that it was going to be tackled -- only that
everyone was on the same boat. :) In the meantime, until we get a
proper messaging system I've updated the require\_active\_login
decorator to redirect to an appropriate auth page. Here is the
commit from my branch:

[https://gitorious.org/\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5](https://gitorious.org/`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5)

We should also have an option to resend the verification email if
it hasn't arrived for some strange reason. I can see this getting a
little cumbersome as a message if we add this option, though (and
in general where a user might want to act upon a message). We'd
also have to have the message persist until the user activates
their email. To that end, maybe it isn't such a bad idea having a
dedicated page for this? We could even have a cute goblin looking
at a clock, tapping his foot, growing impatient waiting for the
email to arrive. :)



comment:4 by Christopher Allan Webber, 13 years ago

Thanks Aleks; this looks like it's going in the right direction for
now. I guess a couple of things:


-  I think you're right about needing the verification email
   re-sending thing, and that that's a requirement before I can merge
   this even :)
-  The switch you've done here creates a separate problem: if
   there's no user logged in whatsoever, it tells them they need to
   verify their email!

Maybe here's what we should do instead:

::

            if request.user and request.user.get('status') == u'needs_email_verification':
                return exc.HTTPFound(
                    request.urlgen("mediagoblin.auth.verify_email_notice"))
            elif not request.user or request.user.get('status') != u'active':
                return exc.HTTPFound(
                    location="%s?next=%s" % (
                        request.urlgen("mediagoblin.auth.login"),
                        request.path_info))



comment:5 by Aleksandar Micovic, 13 years ago

Argh, you're right. Should have caught that case. I've fixed it
here:

[https://gitorious.org/\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478](https://gitorious.org/`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478)

As for the resending of emails, since it's bad practice to keep
resending the same key over and over, I ended up actually adding a
new method to the User model to generate a new verification key.
You can see all of this here:

[https://gitorious.org/\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96](https://gitorious.org/`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96)



comment:6 by Christopher Allan Webber, 13 years ago

Status: NewClosed
Great... I merged this, made a couple of adjustments (gave a
separate message than the "register successful" page) and pushed
into master. Thanks aleksm!



comment:7 by Elrond, 13 years ago

Milestone: 0.0.2
Looks like this went into 0.0.2



comment:8 by Will Kahn-Greene, 13 years ago

The original url for this bug was http://bugs.foocorp.net/issues/314 .

Note: See TracTickets for help on using tickets.