deathandmayhem / jolly-roger

Dead men tell no tales!
MIT License

Require double opt-in for joining a hunt #635

Open ebroder opened 2 years ago

ebroder commented 2 years ago

(Copying directly from @zarvox's comment on #629)

We should [...] think about the lifecycle around joining a hunt -- today, when you're invited to a hunt, the hunt gets added to your user object immediately, without you taking any action, but if sharing a hunt with someone means revealing profile information, then an attacker that knows a target's email address can gain access to the rest of their profile by inviting them to a hunt, and there's no way to leave a hunt.

I could imagine making hunt member a two-step invitation flow, where both the inviter and the invitee must indicate their desire for the invitee to join a hunt before it happens? That would add some friction, but be more resilient to the described attack.

(I'm going to explicitly keep leaving a hunt out of scope for this issue, although it may be a good wishlist item for the future)

ebroder commented 9 months ago

Worth noting that this also makes sure we don't accidentally onboard people with invalid email addresses, which will probably make @flipdog's life easier.

flipdog commented 9 months ago

I think it's a bit of a double-edged sword if we do that though, especially for the purposes of adding people to mailing lists and Discord channels. A lot of folks do the signup survey but then don't log in to JR until after the hunt starts, so they'd miss a lot of pre-hunt messaging.

It might still be worth it in the long run, and this may only be a problem with D&M/Mystery Hunt specifically, but we'd have to create a culture around accepting the invite (or have automated invite reminders?). It might also be helpful in that case to have an "invited, has not accepted" section in the list of hunters.

ebroder commented 9 months ago

I guess, if we solved #495 (which we probably need to do for the broader open hunt creation project), we could require that our solution have mailing list archives?

flipdog commented 9 months ago

That's potentially true. I actually wonder if the better answer to 495 is just dropping email list support entirely. For Mystery Hunt/D&M, it would require a little bit more work managing the email comms, but it would probably more realistically match the use cases of smaller hunts and smaller teams.

flipdog commented 9 months ago

I think actually regardless of where you land on 495, the more useful feature would be a list of "invited, hasn't accepted" email addresses. Then if they're not added to the email list/Discord, I can at least see all those people and either ping them to accept the invite, or just forward any important comms along.
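
The two-step flow proposed in the first comment, together with the "invited, hasn't accepted" list from the last one, as an added sketch that is not part of the thread or jolly-roger's code. Every type, class and method name here is hypothetical, and it assumes the invitee's account email is verified and that profiles are visible only to users who share a hunt.

```typescript
// Added example. All names are hypothetical, not jolly-roger's schema or API.
type Invitation = { huntId: string; email: string; invitedBy: string };
type User = { id: string; email: string; hunts: string[]; profile: string };

class HuntMembership {
  private users: User[] = [];
  private pending: Invitation[] = [];

  addUser(u: User): void { this.users.push(u); }
  private user(id: string): User | undefined {
    return this.users.filter((u) => u.id === id)[0];
  }

  // Step 1: the inviter records intent. The invitee's user object is not touched.
  invite(inviterId: string, huntId: string, email: string): void {
    const inviter = this.user(inviterId);
    if (!inviter || inviter.hunts.indexOf(huntId) < 0) throw new Error("inviter not in hunt");
    const e = email.trim().toLowerCase();
    const dup = this.pending.some((p) => p.huntId === huntId && p.email === e);
    if (!dup) this.pending.push({ huntId: huntId, email: e, invitedBy: inviterId });
  }

  // Step 2: the invitee, authenticated as userId, opts in. Assumes user.email is verified.
  accept(userId: string, huntId: string): boolean {
    const u = this.user(userId);
    if (!u) return false;
    const email = u.email.toLowerCase();
    const before = this.pending.length;
    this.pending = this.pending.filter((p) => !(p.huntId === huntId && p.email === email));
    if (this.pending.length === before) return false; // no invitation, no membership
    if (u.hunts.indexOf(huntId) < 0) u.hunts.push(huntId);
    return true;
  }

  // Profile data is released only to viewers who share an accepted hunt with the target.
  viewProfile(viewerId: string, targetId: string): string | null {
    const v = this.user(viewerId);
    const t = this.user(targetId);
    if (!v || !t) return null;
    return v.hunts.some((h) => t.hunts.indexOf(h) >= 0) ? t.profile : null;
  }

  // The "invited, hasn't accepted" list for whoever runs the hunt.
  pendingEmails(huntId: string): string[] {
    return this.pending.filter((p) => p.huntId === huntId).map((p) => p.email);
  }
}
```

With this shape, an invitation by itself changes nothing about what the inviter can see; the pending list is the only place the invitee's address appears until they accept.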