is being logged in really an error

[marisastrong]

I invited someone to a plan (actually myself, but just my gmail account) and clicked on the link to accept the invitation.

I was directed to the application but it said Error you are already logged in.
Is this really an error?

Here's the email (separate issue but could use some formatting)

Hello mxs4ever@gmail.com,

A colleague has invited you to contribute to their Data Management Plan at DMPRoadmap - STAGE.

Click here to accept the invitation (or copy https://roadmap-stg.cdlib.org/users/invitation/accept?invitation_token=6LfYmtPwZ-WUy3Sh2MQF into your browser).

If you don't want to accept the invitation, please ignore this email. Your account won't be created until you access the link above and set your password.

All the best, The DMPRoadmap - STAGE team.

[marisastrong]

Do we have other categories of messages other than error - Alert, Warning, etc

[briri]

We're using the standard Rails flash messages (alert and notice). I agree that isn't really an error (or at least not a negative thing anyway). We will have to dig into the code though to see if this message is being thrown by one of our controllers or within the devise gem that we're using to handle authentication.

[sjDCC]

I suspect this is because your browser was already logged in as marisa.strong@ucop when you followed the invite token issued to mxs4...

I'd noticed an error the other day which displayed in the standard yellow alert. Are we not colour coding them or is that to come?

[briri]

noted the desire to set the notice/alert colors to mimic those in the current DMPonline site in #746

[jollopre]

@sjDCC was right, this message comes up due to the user being signed in when a link for a new user creation according to the token is passed.

I have override the flash alert with a more sensible message "Cannot validate invitation token unless you sign out". We can certainly change it to a flash notice instead.

Please, let me know if you come up with a better message to be displayed.

[sjDCC]

That message sounds fine to me @jollopre. I think it's going to be a rare case anyhow, when the likes of us are testing sharing with multiple email addresses.

[marisastrong]

Actually, that sounds more confusing to me as a user - I have no idea about an invitation token validation. Just to clarify, the issue was raised because it's not clear to me, as a tester, if the issue is actually an error or a notification/alert. And as a user, I'm not quite sure what I'm do to.

So perhaps, the message could be, "Notice: You are already logged in as another user. Please log out to activate your invitation"

But this also might be an edge case since i'm logged in and logging in as a different instance of myself. That said, perhaps just changing "Error" to "Notice" would suffice here.

[sjDCC]

Yeah that reworked text sounds good @mxsstrong It give the user a clear action to follow and explains why the error / notice is being thrown. I tried the workflow the other day and if you logout then re-click the invitation token it works fine second time round.

[jollopre]

Thanks for the comments. Re-reading the question raised by @mxsstrong on the first comment: "Is this really an error? Yes, according to devise, i.e. there is a filter that checks if an user is signed in before rendering the view that allows you to register given an invitation....

For devise, an error message is described as a flash alert (yellow colour for us) and I think aligns well with the problem encountered. Regarding the message proposed by @mxsstrong, it seems good to me.

Changing the colour to blue is debatable, I personally think is best as it is but let's decide that as a team.

[stephaniesimms]

@jollopre - when I tested the same steps marisa reported above, the link in the email to my GMAIL account directed me to my current logged-in session for my UCOP account. it looks like the invitation token is missing from the link @jollopre (see screenshot below).

the desired behavior is to provide an error/notice message.

[jollopre]

@stephaniesimms, the error message works as expected, see screenshot below:

However, the email sent is not getting the adequate URL for the invitation. It seems to me a deployment problem... The only thing I can think right now is not having the accept_user_invitation_url helper configured. @briri, do you have https://github.com/DMPRoadmap/roadmap/blob/CDL-MVP/config/routes.rb#L38 on your config/routes.rb?

[briri]

@jollopre yes, the line on roadmap-stg matches what is in CDL-MVP

[stephaniesimms]

I tested again @jollopre and i'm still not getting the correct URL for the invitation (screenshot below). the link in the email to my GMAIL account directed me to my current logged-in session for my UCOP account. no error message.

[briri]

I think there is some confusion here. We have 2 possible scenarios:

1. The current user shares their plan with a user who does not have an account in Roadmap. This sends an invitation to create an account (see @mxsstrong original email above)
2. The current user shares the plan with a user who does have an account. This sends a share notification with a direct link to the plan (see the other emails above).

Scenario 2 simply brings you to the plan page if you're logged in or the login page if you're not. Scenario 1 will try to bring you to the invitation page but if you're already logged in it will correctly realize that you have an account and bypass the process.

We could perhaps hack the Devise code to force a logout when reaching the invitation page but I don't think its necessary. The testing we've been doing here isn't something users are likely to encounter normally (inviting themselves and then immediately clicking the invite before logging out).

I vote that we close this one

[stephaniesimms]

i agree that the original bug scenario is an edge case. the only thing that seems to still be an issue in my mind is that the URL in the email invitation does not include an auth token. should it @briri ?

[briri]

No, it shouldn't contain a token in that scenario.

[jollopre]

The issue addresses the type of message that a user receives when: "tries to register, given an invitation token URL but there is another user signed in the tool". @stephaniesimms, if the email you are receiving (a new invitation to join the tool) does not contain that invitation token, it must be something regarding your deploy since on our development environment that works.