Open gabrc52 opened 1 year ago
https://ux.stackexchange.com/a/94662
This might be best. It is more transparent. I'd like to autoselect yes for classes, but the best thing to do is no, but if someone just clicks next without reading then they won't, which is also not ideal.
Also: https://ux.stackexchange.com/questions/141170/are-enabled-checkboxes-and-radiobuttons-dark-pattern
Original comment: https://github.com/sipb/uplink/issues/7#issuecomment-1382676450
Terms and conditions when signing up
Moving from https://github.com/sipb/uplink/issues/7
Matrix/Synapse have an optional feature where users have to accept terms and conditions when signing up:
Write those terms and conditions. These should probably not be legal terms, just some general guidelines like don't harass people, respect MIT policies, end-to-end encryption is a thing and use it otherwise we can't guarantee the privacy of your messages:
This is tied to #6.
Consenting to Moira list integration
In the linked terms and conditions, add that you agree to give permissions to the moira list integration.
I was originally thinking 2 things: agree to being added for the other moira lists, and one for the Canvas lists. But now I think the former isn't needed for 2 reasons:
people just add you to workspaces and no one asks you if you want to be in them (i.e. Orientation workspace). We are simply allowing mass-adding based on Moira lists, so the feature is still the same.nvm apparently you do get email invites. Either way, if they are sent as Matrix invites, it should be equivalent. The matrix invites are public, but this isn't an issue because of 1.So I would just add one more checkbox: "Automatically add me to the group chats of the classes I'm in", and make it OFF by default.
Now for implementation, there are 2 options, both by editing the sso_new_user_consent.html template:
❌
1. Send the opt-in via JavaScript✅ 2. Change the POST endpoint, and write some code that captures the consent and saves it somewhere. I think this is more reliable, because the JavaScript may fail (unlikely, but what if the user clicks the checkbox and then instantly submits before the JS runs? or if there is a JS error it will just go to the console and silent etc). Then do a 307 redirect to the original endpoint.❌
a) Use PHP❌b) Use some Python CGI thing✅ c) Synapse plug-ins are allowed to get their own endpoints. This would require knowing how to use Twisted (the framework that Synapse uses for web stuff)^ Still on the question because we don't know if we'll be able to change the display name from the plug in... (can combine with previous method)
Hmmm what if: Make an event spam checker and if the user changed their name, mark the initial name set event as spam. Might not work necessarily tho. If the source code must be changed, it is best to do so but make a pull request so that everyone can have this. As a test pull request but also helpful, it should not be hard to do one that lets you change the name "SAML" into something like "Touchstone" or "kerb" or "MIT account", and set an icon, and set confirm_localpart because it is customizable for OIDC but not SAML or CAS.