cpan-testers / CPAN-Testers-Common-Client

Standard Client for CPAN Testers

Allow people to change their personal data (e.g. name) in reports #17

Open garu opened 6 years ago

garu commented 6 years ago

Once updated, old and new reports shown on cpantesters.org should reflect it.

This is probably going to require a new API endpoint on the backend, but it's an important change nonetheless!

preaction commented 6 years ago

If we're talking about Metabase compatibility, I'm not sure if any current client can do this, or if Metabase could do this. There were some lines in the Metabase webapp code about updating existing reports, so we can see if any current client does this when updating a profile (with all the duplicate Metabase profiles I've been finding, I'm almost positive they do not).

For the new API, sending new reports with new profile data is fine. But updating old reports to set the tester's information isn't possible yet, like you said. I can add some APIs for searching reports by tester, and an API so that a client can send patches to those reports (so you only need to send the data that's updated, not a copy of the whole report with the updated data).

But, before we allow that, we would absolutely need an authentication scheme, or else anyone would be able to update anything at any time (a bit more dangerous than our current "anyone can submit anything at any time"). There'd need to be an API to set up an account, with a profile and a passphrase/shared key. Then we'd need some other things:

  1. An authenticated account can edit any reports that were submitted while authenticated. So on my end, I'd need to keep track of the account used to submit the report. Reports could still be submitted anonymously (without a verified account, just with a name/email).
  2. An account could verify e-mail addresses that belong to them, and then they gain access to edit any test report submitted with that e-mail address. I'd need a way to start the verification process (either API or website, probably website).

The authentication token would need to be sent with each report. My initial instinct is to make this into a JSON Web Token, but I will likely need to do some research: The Perl NOC has been trying to move everything to Auth0, so it would be a good thing for us to use Auth0 for authentication as well.

I'll spend some time in the coming weeks to build the list of tasks (as tickets) on the server side that need completion to start attempting this, and link them to this ticket. But I think it would be of great value, and most of the tasks have value for other reasons as well.
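
The two edit rules from the comment above (reports submitted while authenticated, and reports tied to a verified e-mail address), written as an authorization check in front of a report patch. This is an added example, not part of the thread and not CPAN Testers code; the record fields, the `tester_name` patch allow-list and the case-insensitive e-mail match are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical record shapes (not the CPAN Testers schema):
#   account: { id => ..., verified_emails => [ ... ] }
#   report:  { id => ..., submitted_by => account id or undef, tester_email => ... }

# Assumption: only tester profile fields may be changed through a patch.
my %PATCHABLE = map { $_ => 1 } qw( tester_name );

sub can_edit_report {
    my ( $account, $report ) = @_;
    return 0 unless $account && defined $account->{id};    # caller is not authenticated

    # Rule 1: the report was submitted while authenticated as this account.
    return 1
        if defined $report->{submitted_by}
        && $report->{submitted_by} eq $account->{id};

    # Rule 2: the report's e-mail address is one this account has verified.
    # Assumption: addresses are compared case-insensitively.
    my $email = lc( $report->{tester_email} // '' );
    return 0 unless length $email;
    return ( grep { lc($_) eq $email } @{ $account->{verified_emails} || [] } ) ? 1 : 0;
}

sub apply_patch {
    my ( $account, $report, $patch ) = @_;
    die "forbidden: account may not edit report $report->{id}\n"
        unless can_edit_report( $account, $report );
    my @bad = grep { !$PATCHABLE{$_} } sort keys %$patch;
    die "rejected: fields not patchable: @bad\n" if @bad;
    return +{ %$report, %$patch };    # patched copy; the stored report is untouched
}

# Constructed sample data: one account, three reports.
my $alice = { id => 'acct-1', verified_emails => ['Alice@example.org'] };
my @reports = (
    { id => 'r1', submitted_by => 'acct-1', tester_email => 'old@example.net',   tester_name => 'A' },
    { id => 'r2', submitted_by => undef,    tester_email => 'alice@example.org', tester_name => 'A' },
    { id => 'r3', submitted_by => undef,    tester_email => 'bob@example.com',   tester_name => 'B' },
);

for my $report (@reports) {
    my $result = eval { apply_patch( $alice, $report, { tester_name => 'Alice Example' } ) };
    printf "%s: %s\n", $report->{id}, $result ? "updated to '$result->{tester_name}'" : "denied";
}
```

Report `r3` is the case the authentication requirement exists for: an anonymous report whose address the account has not verified stays read-only no matter what name the patch carries.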