softwaresaved / lowfat

The Software Sustainability Institute's low effort Fellowship Administration Tool (lowFAT). Contact: @gperu
https://softwaresaved.github.io/lowfat/

Duplicate profile - merge profile #574

Open gperu opened 4 years ago

gperu commented 4 years ago

Suggestion about implementing in lowFAT a feature present in AMY (https://github.com/carpentries/amy). We are friends with AMY's team and we can ask for advice.

rainsworth commented 4 years ago

Conversation on Slack on 05/05/2020:

@rainsworth : I get the feeling that duplicate accounts are being created when users forget their passwords and attempt to log in with github (although this is just a guess). Is there a way to disable the log in with github feature? I feel like it just causes more hassle. Very happy to hear arguments to keep it, but would also like to hear how to stop it from being a burden on us!

@jag1g13 : Ah, I hadn't thought about that. I'd assumed that everyone was authenticating with GitHub accounts already. If it's creating them a second account via GitHub, that would explain why so many people were affected. I can disable it, but anyone who initially used GitHub to log in won't have a password so will have to trigger a password reset. They may not have emails set either, I'll have to check that.

@rainsworth : What happened this year, was I created all their accounts with the emails they applied for the fellowship with, and then sent them instructions for resetting their passwords.

@gperu : Argument in favour of Github login: it’s cool

@rainsworth : I do agree. And if there is a way to link the accounts then great - but I think the problem arises when the user has a different email address registered to GitHub than to lowfat?

@jag1g13 : When allowing authentication with an external provider, you would usually link accounts by email address. However, that only works if people use the same email address for GitHub as they did for their LowFAT account. This is probably true here (hopefully...), but caused loads of problems in uCONFLY (I assumed most people would use their institutional email address as their Google id, but almost everyone actually had a @gmail.com id)

@shoaibsufi : How much engineering would be needed to link accounts? GitHub is cool - and I use it to stop proliferation of logins, but I can see it causes no end of trouble - other sites have the same problem. I have about 3 accounts on Microsoft and it can get confusing. On the other side - many folk have password managers now, so perhaps it's not as much of a crisis as it once was. We don't have a tonne of engineering effort here - so yes, turning GitHub off would be uncool - but might make lowfat more sustainable. Because money is involved - I don't think people will complain too much about not having GitHub - but it might be an effort to do it all at once - perhaps we can turn it off for new registrations and allow it for existing ones as we migrate the 'busy' Fellows - i.e. 2019 and 2020 - and then on a case by case basis. For joining account I understand we have a method now? Or is that wrong - i.e. not linking but updating the users in the db to just one of the ones people have signed up with rather than two?

@rainsworth : I think there are so many different cases that it is difficult to have a "method" - there's definitely not a one size fits all. In some cases, where there is a duplicate account with zero activity on it (i.e. no linked funding requests, expense claims, etc.), I delete the duplicate account (this is usually if a fellow has created multiple accounts due to trying to register with different emails, GitHub, etc.). For cases where there is a lot of activity on both/multiple accounts, then the quick fix is to change all the claimant/user slugs so they are all unique (but then you still have the issue of multiple accounts for the same person). For cases where there is a small amount of activity on a duplicate account, when I have time I reassign the funding requests/expense claims/emails/etc. to the more active account, and delete the duplicate. This is only for fellows, and I'm creating a list of people I've never heard of who have multiple accounts but zero activity to ask if we can remove them. But of course this cycle will never end if people are still able to keep creating duplicate accounts, and it's wreaking havoc with the slugs.

@shoaibsufi : I think to keep things simple we need a plan to get from where we are GitHub+email/user login -> email/user login only (we will need to give them a feature to change email address though - as they do move around - so perhaps a username based login is best)

@jag1g13 : Am I correct in thinking that the way new accounts are supposed to be created is to get them to attempt a login with GitHub, then an admin authorizes them?

@rainsworth : What I did for fellows, was create the accounts for them, and then send them the password reset page to access their accounts. I didn't give any instructions for GitHub as not everyone uses GitHub. (Although some fellows went ahead and tried to log in with GitHub, which I believe is what created duplicate accounts)

@shoaibsufi : So back in the day - a form was put together asking people how they would prefer to log in to lowFAT - https://docs.google.com/forms/d/1uA60pidklDUsJKRTJovRPOaJcXzL931eXttwpDasTMw/edit and then Raniere emailed each person individually to help with setup. But any change to non-GitHub would require going to everyone who has it and asking them to choose a username instead - or linking of accounts (somehow).

@rainsworth : These were the instructions Raniere sent to us 2019 fellows, which was then what I did for the 2020 fellows.

Screenshot 2020-05-21 at 10 50 11
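
Added example, not part of the thread and not lowFAT's code: the link-by-email approach @jag1g13 describes, written so that a GitHub login with no unambiguous match is held for an admin instead of silently creating a second profile. The `Account` class, `resolve_github_login`, the `needs_review` outcome and the sample data are hypothetical; it assumes the provider reports each address with a verified flag.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    slug: str
    emails: set                      # addresses already confirmed for this profile
    github_id: Optional[int] = None  # set once a GitHub identity is linked


def norm(email):
    # Compare addresses case-insensitively and ignore stray whitespace.
    return email.strip().casefold()


def resolve_github_login(accounts, github_id, provider_emails):
    """provider_emails: (address, verified) pairs reported by the provider.
    Returns (action, account): 'login', 'linked' or 'needs_review'."""
    # 1. Returning user: this GitHub identity is already linked.
    for acc in accounts:
        if acc.github_id == github_id:
            return "login", acc
    # 2. Link by email, using only addresses the provider has verified.
    #    An unverified address proves nothing about who controls the mailbox.
    verified = {norm(e) for e, ok in provider_emails if ok}
    matches = [a for a in accounts if verified & {norm(e) for e in a.emails}]
    if len(matches) == 1 and matches[0].github_id is None:
        matches[0].github_id = github_id
        return "linked", matches[0]
    # 3. No match (e.g. personal address on GitHub, institutional one on file),
    #    or several profiles share the address: do not create another profile.
    return "needs_review", None


def sample_accounts():
    # Constructed sample data.
    return [
        Account("alice-a", {"alice@uni.example"}),
        Account("bob-b", {"bob@uni.example"}),
        Account("bob-b-2", {"bob@uni.example"}),   # pre-existing duplicate
    ]
```

The `needs_review` branch corresponds to the case raised in the conversation where the GitHub address differs from the one on file; an admin then links or merges by hand.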