Send email from user server

[kentquirk]

We have a couple of reasons why we need to be able to send emails from the user API:

• To recover a password
• To authenticate an account on first signup
• To manage invitations to join a care team (either for existing users or for new users)
• After successful login or other events (we need a way to specify the criteria for selecting people to get the mail, and an ability to trigger them daily)
• [ ] Find a way to send templated emails (either a third party service or standing up our own email sender)
• [ ] Build an interface to trigger them within the user API
• [ ] Implement invitations to join a care team
• [ ] Implement account authentication
• [ ] Implement password recovery
• [ ] Implement post-account-creation emails based on criteria

Trello: Send e-mails from user server

[cheddar]

Amazon has SES, which would be the simplest method of setting up email.

The question, though, is whether it falls inside the BAA (I don't believe it does). There's also another question of maintaining HIPAA compliance over email as I don't believe it's possible to actually encrypt them (you can send them over TLS to your mail server, but we cannot control how the various relays out on the internet choose to forward it around, I don't think).

So, if we have to assume that email is insecure from the beginning, perhaps we have to ensure that messages are safe to fly in the clear from the application layer and thus the BAA doesn't matter?

[kentquirk]

You're correct that it doesn't fall inside the BAA -- but yes, given the nature of email anyway, what that means for us is that we have to make sure the messages are safe. So our wording will have to be careful anyway.

[brandonarbiter]

@kentquirk @cheddar @HowardLook Guys what's the status of this issue? Is it done? Are we planning to have it ready before pilot (P1)? Develop during pilot (P2)? Or backlog for later on?

[cheddar]

@brandonarbiter I don't believe it's a requirement for pilot, because no features required for pilot also requiring emailing users. As soon as we have a feature that requires emailing things out to people, this will become important.

[kentquirk]

Right. This is one of the first things we work on post-pilot -- it is for:

• Forgotten passwords
• Initial signup
• Notifications via email of events (messages)

On Fri, Apr 25, 2014 at 8:05 AM, cheddar notifications@github.com wrote:

@brandonarbiter https://github.com/brandonarbiter I don't believe it's a requirement for pilot, because no features required for pilot also requiring emailing users. As soon as we have a feature that requires emailing things out to people, this will become important.

Reply to this email directly or view it on GitHubhttps://github.com/tidepool-org/hub/issues/14#issuecomment-41402797 .

Kent Quirk VP of Engineering, Tidepool

Tidepool is an open source, not-for-profit effort to build an open data platform and better applications to reduce the burden of Type 1 Diabetes.

[brandonarbiter]

P2

Great. We'll assign it P2, indicating it's a functional changed desired during the pilot, but is not a requirement to launch pilot. Thanks!

Brandon Arbiter VP, Product + Biz Dev Tidepool http://www.tidepool.org | brandon@tidepool.org 917.536.0505 (m)

On Sat, Apr 26, 2014 at 12:39 AM, Kent Quirk notifications@github.comwrote:

Right. This is one of the first things we work on post-pilot -- it is for:

• Forgotten passwords
• Initial signup
• Notifications via email of events (messages)

On Fri, Apr 25, 2014 at 8:05 AM, cheddar notifications@github.com wrote:

@brandonarbiter https://github.com/brandonarbiter I don't believe it's

a requirement for pilot, because no features required for pilot also requiring emailing users. As soon as we have a feature that requires emailing things out to people, this will become important.

Reply to this email directly or view it on GitHub< https://github.com/tidepool-org/hub/issues/14#issuecomment-41402797> .

Kent Quirk VP of Engineering, Tidepool

Tidepool is an open source, not-for-profit effort to build an open data platform and better applications to reduce the burden of Type 1 Diabetes.

Reply to this email directly or view it on GitHubhttps://github.com/tidepool-org/hub/issues/14#issuecomment-41462431 .

[brandonarbiter]

@skrugman do you want to take a stab at what our automated emails to users should look like? @kentquirk @cheddar what kind of flexibility do we have to template these?

Cc: @HowardLook @cmakler

[kentquirk]

We will have email templates that can embed variables.

It will be something like:

Dear %shortname%:

We have received a request to reset your password for Tidepool.org. If you wish to reset your password, please click this link (or copy and paste it into your web browser): %passwordresetlink% You must do so before %expirationtime% or this link will expire. If you did not request a password reset, or you no longer wish to reset it, you can ignore this message.

But it may be easier on Sara if we create the templates when we write the code, and then other people can wordsmith them.

On Sat, Apr 26, 2014 at 1:07 PM, brandonarbiter notifications@github.comwrote:

@skrugman https://github.com/skrugman do you want to take a stab at what our automated emails to users should look like? @kentquirkhttps://github.com/kentquirk @cheddar https://github.com/cheddar what kind of flexibility do we have to template these?

Cc: @HowardLook https://github.com/HowardLook @cmaklerhttps://github.com/cmakler

Reply to this email directly or view it on GitHubhttps://github.com/tidepool-org/hub/issues/14#issuecomment-41479327 .

Kent Quirk VP of Engineering, Tidepool

Tidepool is an open source, not-for-profit effort to build an open data platform and better applications to reduce the burden of Type 1 Diabetes.

[brandonarbiter]

@kentquirk I meant flexibility from an aesthetic perspective, rather than a parameterized text perspective. Sorry for the confusion.

[kentquirk]

Ok. They can be HTML emails eventually, but I'd prefer to start with plain text until we get the systems built.

On Sat, Apr 26, 2014 at 2:25 PM, brandonarbiter notifications@github.comwrote:

@kentquirk https://github.com/kentquirk I meant flexibility from an aesthetic perspective, rather than a parameterized text perspective. Sorry for the confusion.

Reply to this email directly or view it on GitHubhttps://github.com/tidepool-org/hub/issues/14#issuecomment-41481356 .

Kent Quirk VP of Engineering, Tidepool

Tidepool is an open source, not-for-profit effort to build an open data platform and better applications to reduce the burden of Type 1 Diabetes.

[brandonarbiter]

Ok, in that case we don't need design input from @skrugman at this point.

[skrugman]

Okay. Sounds good. The email template @kentquirk wrote looks good to me.

On Sat, Apr 26, 2014 at 11:43 PM, brandonarbiter notifications@github.comwrote:

Ok, in that case we don't need design input at this point.

Reply to this email directly or view it on GitHubhttps://github.com/tidepool-org/hub/issues/14#issuecomment-41481890 .

[kentquirk]

The issue Brandon just linked is a new use case, which I have added to the checklist at the top.