search

reanahub / reana-ui

REANA UI frontend
http://reana-ui.rtfd.io
MIT License
4 stars 33 forks source link

auth: add email confirmation page #170

Closed mvidalgarcia closed 3 years ago

mvidalgarcia commented 3 years ago

closes reanahub/reana#472

TODO:

Steps to test:

  1. Enable notifications in Helm values.yaml: 
    notifications:
enabled: true
email_config:
sender: admin@reana.io
  2. Sign up a new local user (you should see a success notification)
  3. Check MailDev, you should have received a confirmation email.
  4. Copy the link in the email and replace the hostname and HTTPS->HTTP suitably
  5. Paste it in your favorite browser, you should be redirected to the home page and a notification must show up, error or success, depending on the validity of the confirm token.
  6. Sign in if the email was successfully confirmed.
mvidalgarcia commented 3 years ago 
* After confirming the email and seeing the notification in the top of sign in form, once user logs in the notification bar is still shown. We probably want to clean the notifications once user logs in / logs out. This is not caused by PR, so we can create an separate issue for that.

I'll check if I can clean notifications before sign in. Thanks. Edit: Addressed here

* I noticed that it's possible to confirm other users account while being logged in, not sure if this is expected behaviour?

Interesting, I had never tested that... I see that the confirmation happens, but later an "Invalid token" error is received and the user gets signed out. I'm afraid this is the Invenio behavior (/confirm-email) and there's no much we can do. In principle, this confirm token should only be accessed by the user confirming their email. Not sure if we should open a ticket to keep track of this, although it looks like a very rare corner case to me.

* Also it's possible to confirm already confirmed account, we should probably display some kind of different message in this case?

Changed, pushing soon, it was hardcoded, now we display the message coming from the server, which is something like "You've already confirmed this account" in that particular case.