Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User accounts created in Decidim without going via Auth0 #51

Open
RCheesley opened this issue Dec 12, 2023 · 4 comments
Open

User accounts created in Decidim without going via Auth0 #51

RCheesley opened this issue Dec 12, 2023 · 4 comments

Comments

@RCheesley
Copy link
Member

When we invite people as a private member on an assembly and they get an email, it seems like when they click through it's creating them an account in Decidim without going through our auth system (Auth0) to log in first.

So when they next come to log in (eg when they don't have the cookie set, I assume) it's like they can't log in, as the account is present in Decidim but not in Auth0 which is the only way that you can log into our instance.

This is my best interpretation of the situation based on several people today having this problem (it's the last day of voting in our election so naturally the entire world is panic-voting at the last minute!)

Users who had this issue:

Nickname: alanhartless, prateekjain

Neither had a user in Auth0 but their accounts were registered in Decidim.
@RCheesley
Copy link
Member Author

There is no integration process with the invitation process and external authorisation providers currently.

Workaround:

  1. Add text on invitation email to tell them to create an account with the email address for Auth0 before clicking on the link, or ping us to tell us if the account email is different
  2. Raise it as a bug with Decidim for review

@RCheesley
Copy link
Member Author

RCheesley commented Dec 13, 2023
edited
Loading

https://github.com/decidim/decidim/blob/v0.27.4/decidim-core/app/views/devise/mailer/invitation_instructions.html.erb email message is configured here. devise.mailer.invitation_instructions.hello as the variable email
Use these terms to customise the email @RCheesley

@RCheesley RCheesley self-assigned this Dec 13, 2023
@RCheesley RCheesley removed their assignment Oct 24, 2024
@alecslupu
Copy link

Actually i have implemented something like this on the other project i was working on. I have patched the app/views/devise/mailer/invitation_instructions.html.erb To redirect the user to a logged in page, so that the decidim auth system would redirect you to the right place.

Beware there is an additional template app/views/devise/mailer/invitation_instructions.text.erb

<p class="email-greeting"><%= t("devise.mailer.invitation_instructions.hello", email: @resource.name) %></p>

<p class="email-instructions">
  <%= t("devise.mailer.invitation_instructions.someone_invited_you", application: organization_name(@resource.organization)) %>
</p>

<p class="email-button email-button__cta"><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, invitation_token: @token, invite_redirect: decidim.profile_path(@resource.nickname), host: @resource.organization.host) %></p>

<% if @resource.invitation_due_at %>
  <p class="email-small"><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :long)) %></p>
<% end %>

<p class="email-small email-closing"><%= t("devise.mailer.invitation_instructions.ignore").html_safe %></p>

@RCheesley
Copy link
Member Author

@froger here's a possible solution :)

@RCheesley RCheesley mentioned this issue Oct 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alecslupu @RCheesley