Opened 15 years ago
Last modified 15 years ago
#43 closed defect (FIXED)
More useful errors for users who have registered but not verified their email
| Reported by: | Christopher Allan Webber | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.0.2 |
| Component: | Keywords: | ||
| Cc: | Parent Tickets: |
Description
We should somehow warn users that they need to verify their email before they can do anything.
We could do one of a few things:
- When we redirect to login on pages that require an active user, include a GET parameter on the redirect to /auth/login/ like /auth/login/?needs_verify_email=true and display a warning that the reason that the user wasn't able to do something was because they need to verify their email
- Put some text like "not verified" after the user's login name on each page?
In addition we should provide a means to resend the verification email if it borked the first time, and maybe link to that.
Change History (8)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
Okay, so yes, a messaging system is sounding like a better and better idea.
comment:3 by , 15 years ago
Okay, so there were about 3 of us on IRC who liked the idea of a messaging system, but I didn't really get a feeling that there was a concrete way that it was going to be tackled -- only that everyone was on the same boat. :) In the meantime, until we get a proper messaging system I've updated the require_active_login decorator to redirect to an appropriate auth page. Here is the commit from my branch:
[https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5](https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5)
We should also have an option to resend the verification email if it hasn't arrived for some strange reason. I can see this getting a little cumbersome as a message if we add this option, though (and in general where a user might want to act upon a message). We'd also have to have the message persist until the user activates their email. To that end, maybe it isn't such a bad idea having a dedicated page for this? We could even have a cute goblin looking at a clock, tapping his foot, growing impatient waiting for the email to arrive. :)
comment:4 by , 15 years ago
Thanks Aleks; this looks like it's going in the right direction for now. I guess a couple of things:
- I think you're right about needing the verification email re-sending thing, and that that's a requirement before I can merge this even :)
- The switch you've done here creates a separate problem: if there's no user logged in whatsoever, it tells them they need to verify their email!
Maybe here's what we should do instead:
if request.user and request.user.get('status') == u'needs_email_verification':
return exc.HTTPFound(
request.urlgen("mediagoblin.auth.verify_email_notice"))
elif not request.user or request.user.get('status') != u'active':
return exc.HTTPFound(
location="%s?next=%s" % (
request.urlgen("mediagoblin.auth.login"),
request.path_info))
comment:5 by , 15 years ago
Argh, you're right. Should have caught that case. I've fixed it here:
[https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478](https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478)
As for the resending of emails, since it's bad practice to keep resending the same key over and over, I ended up actually adding a new method to the User model to generate a new verification key. You can see all of this here:
[https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96](https://gitorious.org/aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96)
comment:6 by , 15 years ago
| Status: | New → Closed |
|---|
Great... I merged this, made a couple of adjustments (gave a separate message than the "register successful" page) and pushed into master. Thanks aleksm!
Django has a "messaging framework" that makes it easy to queue user messages for later deliver. A similar system would be very useful here: you'd stick the message "You have to verify your account to view /foo/bar/" into the user's message queue in the view at /foo/bar/ and then you'd pop the message off the stack at the /auth/login/ view and display it to the user. (Or the base template would display all unreviewed messages at every opportunity.)
I don't know if there's a general purpose user messaging framework similar to Django's. One direction for exploration is RabbitMQ. At its most basic, RabbitMQ can behave like a simple message delivery system. It's actually much much more than a place for storing user messages, though -- it's a robust task-queueing system. In that sense it's a very heavyweight solution to the problem. But its other uses may make it a valuable piece of infrastructure -- for example, it could be used to queue media-conversion tasks to pass to celeryd, like so.
Admittedly, I've never worked with RabbitMQ at all, so I may be missing something that makes this a terrible suggestion.