User story: A poll initiator can mark a poll as "restricted access" and provide a list of email addresses of eligible voters. When pressing "start" on the preview page, each of them is sent a notification automatically via email, containing a private link telling the vodle app the access token for the poll so that the voter can access the poll.
Implementation:
Implement a "key distribution" web-service that receives a request containing the poll couchdb credentials, a "poll keylist id" (different from the usual poll id), and eligible email addresses when the initiator presses "start". The service then generates a key pair for each email address, permutes the list of public keys randomly, stores it in the poll couchdb as a document with id equalling the poll keylist id (this document is mentioned in issue #67), and sends each email address an email containing a magic link that tells the vodle app the poll keylist id and their private key.
The usual invitation message magic link also contains the poll keylist id. Once the user has clicked both magic links, the app looks up the list of eligible public keys, stores it locally, and uses it to verify which voters are eligible as described in #67.
User story: A poll initiator can mark a poll as "restricted access" and provide a list of email addresses of eligible voters. When pressing "start" on the preview page, each of them is sent a notification automatically via email, containing a private link telling the vodle app the access token for the poll so that the voter can access the poll.
Implementation: