Handle "you're already in the database but another person is logged in" issue for Zotero

[erose]

Mia says leave this for now because it's an edge case. Basically, looking for a way to programmatically tell who's currently logged in to Zotero. Check the API docs for a way to do this: http://www.zotero.org/support/dev/server_api/v2/read_requests. Otherwise, we could do something hacky like scrape the zotero URL before we redirect the user there.

[mialondon]

I don't know if this is meant to trigger it, but while logged into Zotero I put in another username and was put through the 'New Private Key' process without any errors being triggered. OTOH, it didn't recognise that I'd put in one username and was being linked to a different library, but I'm not sure if that was actually the use case you were describing.

I think it's your call on whether we pursue this or just log it as a 'known possibly issue'...

[rlskoeser]

Ha. I'm pretty sure I know what is going on here after all my digging into oauth to get zotero to work with django-social-auth. I'm pretty sure we don't actually use the username that goes into the form, except as a cue for triggering zotero logic instead of text input logic. The code now actually uses the zotero user id & username that come back via oauth when it makes the request (and we dropped the db stuff because it was problematic).

We probably need to revise this so it's just a button or a link with no input; and/or once you're logged in, we could provide some kind of interface (drop-down?) to select collections, but we may want to leave it until we integrate the new zotero auth code.

[mialondon]

Would it be too fussy to give a clue, like 'welcome back $username! Not you? Log out of Zotero'

[rlskoeser]

Nope, good idea. We'll need to give people an indication that they're logged in and a logout link anyway.

[mialondon]

Assuming this is still relevant given other changes, can this be resolved quickly or should it go into the November update?

[rlskoeser]

I don't think this bug is relevant either in the current code (because we're not storing users in the database) or the revamped zotero workflow because that will use proper oauth login/logout and should not prompt users to enter a zotero username on serendipomatic.org. I think we can go ahead and close it, right? Maybe just propagate the notes about making sure to have welcome/logout text somewhere they will be seen as we work through the new zotero implementation?

[mialondon]

Written into #148