feat: introduce invites and allow for inviting new users without creating an account for them#1155
Conversation
tefkah
force-pushed
the
tfk/invite-signup-rewrite
branch
from
7afebdb to
710b281
Compare
|
| @@ -0,0 +1,33 @@ | |||
| # Signup | |||
|
|
|||
There was a problem hiding this comment.
this is not meant to be exhaustive, just not incorrect
…ccepted if the user still needs to sign up
| communityId: pub.communityId as CommunitiesId, | ||
| lastModifiedBy, | ||
| actionRunId: args.actionRunId, | ||
| userId: isActionUserInitiated ? args.userId : undefined, |
There was a problem hiding this comment.
bc i want to track who invited a user through an email action, if any
| for (key in membership) { | ||
| if (membership[key] !== acc[key as keyof typeof acc]) { | ||
| throw new Error( | ||
| `Membership ${key} mismatch between ${membership[key]} and ${acc[key as keyof typeof acc]}` | ||
| ); | ||
| } | ||
| } |
There was a problem hiding this comment.
@kalilsn not so sure about this looking at how you implemented deduping in eg
my understanding was that a user would only have multiple memberships if they were all contributor + form memberships. but in your implementation above it seems that you are just looking for the highest value one, which implies that a user could eg have a contributor AND an editor membership for the same entity. is that intended?
There was a problem hiding this comment.
I think you're right, we have unique indices on each of the membership tables that would prevent this situation from ever happening.
There was a problem hiding this comment.
I had just forgotten that when I wrote my dedupe function! And I didn't think too hard about it since that code is going to be deleted soon!
There was a problem hiding this comment.
Actually it does seem like there's a bug in this: the || should be an &&. But since we're enforcing this at the database level, I'd rather just remove these checks
|
|
||
| import type { CommunitySeedOutput } from "~/prisma/seed/createSeed"; | ||
| import { createSeed } from "~/prisma/seed/createSeed"; | ||
| import { seedCommunity } from "~/prisma/seed/seedCommunity"; | ||
|
|
There was a problem hiding this comment.
this is mostlyhere to make testing in the preview env a bit easier. i recommend we remove this seed before the merging
There was a problem hiding this comment.
going to leave it for now because i may want to use it for my own testing. but if there's some risk i'm unaware of we can discuss when you're back!
|
|
||
| const legacyId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" as CommunitiesId; | ||
| const starterId = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" as CommunitiesId; | ||
| const legacyId = "aaaaaaaa-aaaa-4aaa-aaaa-aaaaaaaaaaaa" as CommunitiesId; | ||
| const starterId = "bbbbbbbb-bbbb-4bbb-bbbb-bbbbbbbbbbbb" as CommunitiesId; |
There was a problem hiding this comment.
needs a 4 there to be a proper v4 uuid, which otherwise trips up the z.string().uuid()
| export enum InviteStatus { | ||
| created = "created", | ||
| pending = "pending", | ||
| accepted = "accepted", | ||
| completed = "completed", | ||
| rejected = "rejected", | ||
| revoked = "revoked", | ||
| } |
There was a problem hiding this comment.
not sure if it's completely worth having a diff between accepted and completed
| {notice && <Notice type="notice" title={notice} body={body} />} | ||
| {error && <Notice type="error" title={error} body={body} />} |
There was a problem hiding this comment.
this is also a new addition: the login screen now can display notices. by default, if redirected to here bc of getPageLoginData, itll display an error saying "you need to be signed in to access that page". i added this bc i need the user to sign in to their account if its an invite for an existing account, and i think its nice to show why you need to do something on the login page, rather than just being shown a blank one
There was a problem hiding this comment.
big improvement, i think we'll use this a lot!
… handle non-completed invites better
|
@kalilsn i made some slight updates to some flows, namely:
|
kalilsn
left a comment
kalilsn
left a comment
There was a problem hiding this comment.
really nice work! i'd write more but the size of this pr is making the editor perform terribly
3 participants
Issue(s) Resolved
Resolves #1002
High-level Explanation of PR
See https://pubpub.github.io/platform/pr-preview/pr-1155/development/authentication/invites for a semi-accurate diagram of the invite flow.
This PR formalizes our user signup and permission management process by introducing an invite system.
Core Functionality
invitestable to manage user onboardingTest Plan
Tests
Since we cant send emails in the preview env, ive created a small new community that has the same set up as the main tests here. You can visit the invite urls and test out the invite flow.
(the tokens are created deterministically, so these links should be safe. )
Naming convention is roughly:
${state}${inviteType}InviteNote that once you accept an invite for that user, all the other invites will stop working, sorry. Maybe easier to run that locally.
Screenshots (if applicable)
Note
I dont want to redo the screenshots, but the link icon at the bottom is gone. i was accidentally using the link icon rather than
next/linkValid invite with email
Invalid invite
Expired
Already accepted
Already rejected
Revoked
Somehow not sent invite
Links:
Valid invite for user
For all the
userinvites, a user from another community has been invited.their login is
email: [email protected]
password: password
not logged in
logged in
https://pr-1155-invite-signup-ip-54-234-165-172.my.preview.run/c/test-community/public/invite?invite=bbbbbbbb-bbbb-4bbb-bbbb-111111111111.bbbbbbbb11111111&redirectTo=/c/test-community/public/forms/evaluation/fill
Not for you
Rejecting
Try it here:
Notes