jonodrew
commented
2 years ago This is being worked on with #104
Closed jonodrew closed 2 years ago
jonodrew
commented
2 years ago This is being worked on with #104
jonodrew
commented
2 years ago Key question for me here is: how to secure the key that we're given.
jonodrew
commented
2 years ago Encrypting the API key and putting it in the cookie would enable us to generate a preview of the email(s), but carries risks:
SECRET_KEY is exposed, any cookie that has the encrypted API key is at riskSECRET_KEY is insufficiently secure, any cookie that has the encrypted API key is at riskI'd rather treat this like a credit card number: have the user put it in directly at the point it'll be used, and never let it anywhere near the cookie. However, this does mean that we can't generate a preview.
jonodrew
commented
2 years ago I think this also means we need some content at the front of the service that says
This service is integrated with Notify. If you'd like to use Notify, you'll need an API key. So that we don't keep your API key for any longer than necessary, you won't get a chance to preview your messages before they're sent. We recommend that you test your Notify templates with an [example output file](link to an example file)
We can replicate it in the Notify journey, but I really don't want users to get to the end, with the clock ticking, and realise they can't even test it.
The other option is to get users to also grab a test key from Notify, which we can use in a cookie because it can't send emails but it can create previews. Any thoughts @johnpeart ?
johnpeart
commented
2 years ago I agree with you – let's treat this as a high-risk scenario. If showing previews increases the attack surface for a data breach, let's not increase the size of the surface!
The test key route feels like a nice additional touch, but it feels like gold plating right now that will add further complication to a UI that is already complicated because of needing to provide 6 keys and ID codes already.
So let's add the additional text! Where do you think we should add it? On the start page?
We could also add default templates for Notify to the docs; I can pick this up as part of #113.
jonodrew
commented
2 years ago Yes, I think the start page is best. I've put some content on a new page as a starter - we can drop that page once the whole journey is clearer.
The other outstanding question is how we get from the matching workflow to the notification workflow. At the moment, if you download the matches the system auto-deletes them. However, I think the addition of the notification workflow means some users will want to download the matches, check they're happy with the proposed selections, and then send them. We should be able to meet this user need, while also continuing to delete matches where users are finishing their journey.
We could:
johnpeart
commented
2 years ago The other outstanding question is how we get from the matching workflow to the notification workflow. At the moment, if you download the matches the system auto-deletes them. However, I think the addition of the notification workflow means some users will want to download the matches, check they're happy with the proposed selections, and then send them. We should be able to meet this user need, while also continuing to delete matches where users are finishing their journey.
We could:
- apply the "delete in x minutes" pattern, whether the user downloads the matches or not <- my preferred
- have something in the interface that asks if a user is downloading to preview or end their journey, and then acts accordingly
We should discuss this – is there another issue on this yet or shall I create one?
jonodrew
commented
2 years ago Needs a new issue I think. Would you mind creating one?
jonodrew
commented
2 years ago johnpeart
commented
2 years ago You beat me to it! Sorry – I am not as on top of my Github notifications as you (probably by virtue of not being in Github for the day job!)
Users should be able to use Notify to send the results out
Not in scope: other mailing platforms