Re: [Demexp-dev] New registration /login protocol

[Augustin]

David,

On Friday 13 October 2006 03:07 pm, David MENTRE wrote:
> If I understood correctly, a new user should first create a Drupal
> account and then ask for a demexp vote account. Correct?

yes, they create the drupal account first. 
then, they either ask for a demexp account, OR say that they already have one, 
and ask for it to be activated.



> > 2- existing Drupal user, existing demexp user.
> > ***********
> >
> > A Drupal user who already has a demexp account (this will be the most
> > common case for the first 40-ish Drupal users, because the current
> > members will be the firsts to register a Drupal account).
> > For them, they are asked to login (thereby proving they know the demexp
> > username and corresponding password). If the login is successful, the
> > account is put on hold, not yet activated.
> >
> > YOU are sent an email. In this email, you have the Drupal user's email,
> > their demexp account name and an activation link with a  key.
>
> Ok, that works (or /nearly/ works ;-).
>
> > If the email you have for the Drupal account is the same as the email you
> > have on file for the demexp account are the same, then you can use the
> > validation key yourself to activate their voting rights on the site. They
> > will see the difference next time they browse the site.
> > You may email them to tell them.
>
> ok.
>
> > If the two emails are different, then you send the activation key with a
> > nice letter, to the email you have on file for the demexp account holder.
> > The user can then activate the account themselves.
>
> Ok.
>
> But what should I do for the first requester that has the wrong email
> (i.e. not in my file)?

I don't understand the question in the context above, that I left un-snipped.
The Drupal user has already proved that they know the account name AND 
password: I checked that they could login on the demexp server.
Either the email they used to create the drupal account is the same email as 
the one you have on file, then you can activate the account yourself. 
Or, the email is different from the one you have on file. In that case, you 
forward the activation key to the email you have on file: this way, the 
demexp account user can activate the account themselves, or.... complain: 
"hey! I never registered on the drupal site!! Who is this guy pretending to 
be me!!".


> > 3- existing Drupal user, new demexp user.
> > ***********
> >
> > A Drupal user who does not have a demexp account yet (it will probably be
> > the most comment scenario when we become popular).
> > They can use the form online to ask for a demexp account.
> > When they submit the form, YOU will receive an email, with their email
> > address, their real, full name (which I do NOT store on the site!), and a
> > small comment with their PGP key is they have one.
>
> Very nice design (the PGP/GPG key and the full name not stored).

yes, but as we just saw, you lost some emails. I.e, the information within it 
is lost. So, I am thinking about a way to TEMPORARILY store this information 
on site, and deleted it once the account is activated.


> > By following the link, you will be asked to enter the demexp account
> > name. Submit and the account name is saved, and the voting rights are
> > activated. You must sent the user an email as usual with the password,
> > etc.
>
> Ok.
>
> What should I do if i *don't* want to activate the account?

I'll add a 'cancel activation procedure' button. 




> > 7- Once setup, the demexp account name cannot be changed. (at least, not
> > now). I.E., it is set up and the account is activated when the identity
> > is verified, but then it stays the same. Without this activation, the
> > user cannot vote on the web.
>
> That might be an issue (not sure). We will see. In the meantime, I
> suppose it is possible to hack the database to fix such issue?

Yes. It can be done manually in the DB. 
More complete procedures can be added much later.

> > 9- When login in, users are given the choice between convenience, or
> > security: remember the password or not. Try the different options, and
> > you will notice several differences of behavior, even after you log out.
> > I store the password on the DB only if they ask me to. This option can be
> > reverted later, and the password will be deleted from the DB.
>
> You mean, the demexp account password?

yes.
when you get your own account, you can try yourself :)





> > Also, take good notice of all the English messages. If we want to
> > translate later on, the English strings must be stable, and clear enough.
> > If we change the English description in the code AFTER the translation
> > has been done, the translation will be lost.
>
> How is the translation handled in Drupal?

with .po files.
It can be done online, too.

>
> Once again, many thanks for the hard work. There are some bugs to fixe
> or small details to polish but overall the design and working seems
> pretty functional to me.

:) pheww! I am happy you like the overall design.
I know it is still a bit rough around the edges, but it's a work in progress.
I can think of several small improvements that'll make your job easier.

I really spend the whole week, full time (and more) on it.

Tell me if you think that one or two details must be fixed in stage 1, 
otherwise I would like to move on to other stuff.


Augustin.


-- 
http://www.wechange.org/
Because we and the world need to change.
 
http://www.reuniting.info/
Intimate Relationships, peace and harmony in the couple.

http://www.gnosis-usa.com/
Revolutionary Psychology, White Tantrism, Dream Yoga...

http://www.masquilier.org/
Condorcet, Approval alternative, better voting methods.