Joystream / youtube-synch

YouTube Synchronization

fix: ypp signup flow by allowing more than one captcha free memberships if signup workflow fails #317

Closed zeeshanakram3 closed 5 months ago

zeeshanakram3 commented 6 months ago

Fixes the YPP signup flow as mentioned in #314

We have a separate problem which has to do with a flaw in the signup flow, where there is a possibility of a session failing at certain stages, perhaps we can tackle that at the same time?

Problem

Currently, when the signup flow fails after the captcha-free membership is created through YT-synch's POST /membership, during the next signup YT-synch won't allow creating the membership again (as a measure against Sybil attack where any YPP verified user can create infinitely many memberships causing faucet funds to exhaust).

Fix

Instead of allowing the creation of only 1 membership, we are allowing the creation of a max of n memberships through YT-synch to avoid the problem of the creator not being able to sign up again when the flow fails in the first attempt.

After discussing with Radek, we decided to go with this approach of fixing the flow instead of trying to recover the created membership by importing the seed (copied/saved in the previous attempt) in the external signer, as that leads to a more complex UX.

bedeho commented 6 months ago

> we are allowing the creation of a max of n memberships through YT-synch

What does it mean if there are multiple memberships existing for one channel, not sure I understand.

zeeshanakram3 commented 6 months ago

> What does it mean if there are multiple memberships existing for one channel, not sure I understand.

As far as UX is concerned, the user would only be aware of the most recently created membership, and the same membership will then be used to create an Orion account and Joystream channel, and other previous memberships will be considered orphans (i.e. they won't have any associated Orion account or channel).

For example, in the current workflow this is what a successful signup looks like:

  1. Gleev asks YT-synch to verify the YT channel
  2. YT-synch returns Verification successful response
  3. Gleev shows the seed phrase and asks the user to save it
  4. Gleev asks YT-synch to create a JS membership for the creator by calling YT-synch's POST membership endpoint
  5. YT-synch returns the response that membership was created successfully
  6. Gleev proceeds to create an Orion account & JS channel for the creator

Now if the flow fails after step 5 and the user starts the signup process again (important to note that the user will be presented with a new mnemonic each time), then step 4 currently will throw an error because in YT-synch this channel was already verified and a membership was already created (if not for this check, any verified user can create infinitely many memberships).

Now, we are suggesting relaxing this hard limit of 1 membership per verified YT user and, say, allowing a max of 5 memberships to avoid the worst-case scenarios where the flow might fail.


Another possible solution could have been checking if YT-synch has already verified this YT channel and created a membership for it; if yes, then ask the user to use the previously saved seed phrase (in step 3) by loading the phrase in the external signer, instead of showing a new mnemonic in each attempt.
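
The per-channel cap discussed in this thread, as an added example that is not part of the original comments or of the youtube-synch code base. `MembershipFaucet`, its methods, the reason strings, the in-memory store and the channel id are hypothetical; the limit of 5 is the figure suggested above.

```typescript
// Added illustration; all names are hypothetical, not taken from youtube-synch.
const MAX_MEMBERSHIPS_PER_CHANNEL = 5 // the "say 5" cap suggested in the thread

type MembershipResult =
  | { ok: true; memberId: number; attempt: number }
  | { ok: false; reason: 'CHANNEL_NOT_VERIFIED' | 'MEMBERSHIP_LIMIT_REACHED' }

class MembershipFaucet {
  private verified = new Set<string>()
  private created = new Map<string, number[]>() // channelId -> member ids, oldest first
  private nextMemberId = 1

  // Steps 1-2 of the flow: record that the YT channel passed verification.
  verifyChannel(channelId: string): void {
    this.verified.add(channelId)
  }

  // Steps 4-5 of the flow (POST membership). The count check and the insert
  // run in one synchronous step, so two concurrent retries cannot both take
  // the last free slot. A database-backed store would need a transaction or
  // conditional write to keep that property.
  createMembership(channelId: string): MembershipResult {
    if (!this.verified.has(channelId)) {
      return { ok: false, reason: 'CHANNEL_NOT_VERIFIED' }
    }
    const ids = this.created.get(channelId) ?? []
    if (ids.length >= MAX_MEMBERSHIPS_PER_CHANNEL) {
      return { ok: false, reason: 'MEMBERSHIP_LIMIT_REACHED' }
    }
    const memberId = this.nextMemberId++
    this.created.set(channelId, [...ids, memberId])
    return { ok: true, memberId, attempt: ids.length + 1 }
  }

  // Every membership except the most recent one is an orphan: it never gets
  // an Orion account or a channel, but it still consumed faucet funds.
  orphans(channelId: string): number[] {
    return (this.created.get(channelId) ?? []).slice(0, -1)
  }
}

// Constructed scenario: one verified channel restarting signup `attempts` times.
function simulateRetries(attempts: number): MembershipResult[] {
  const faucet = new MembershipFaucet()
  faucet.verifyChannel('UC-constructed-channel')
  return Array.from({ length: attempts }, () => faucet.createMembership('UC-constructed-channel'))
}
```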