Re: [Demexp-dev] New registration /login protocol

[David MENTRE]

Hi Augustin,

2006/10/11, Augustin <address@hidden>:
> 1- new Drupal user, new/existing demex user.
> ***********
>
> A person want to register at the drupal site and get/set up a demexp account
> at the same time. A few more fields can be added later to allow the user to
> make a request for a demexp account at the same time.
> -> this is not coded yet, as the rest is sufficient for now.

Yes, the current procedure should be sufficient for now.

If I understood correctly, a new user should first create a Drupal
account and then ask for a demexp vote account. Correct?

> 2- existing Drupal user, existing demexp user.
> ***********
>
> A Drupal user who already has a demexp account (this will be the most common
> case for the first 40-ish Drupal users, because the current members will be
> the firsts to register a Drupal account).
> For them, they are asked to login (thereby proving they know the demexp
> username and corresponding password). If the login is successful, the account
> is put on hold, not yet activated.
>
> YOU are sent an email. In this email, you have the Drupal user's email, their
> demexp account name and an activation link with a  key.

Ok, that works (or /nearly/ works ;-).

> If the email you have for the Drupal account is the same as the email you have
> on file for the demexp account are the same, then you can use the validation
> key yourself to activate their voting rights on the site. They will see the
> difference next time they browse the site.
> You may email them to tell them.

ok.

> If the two emails are different, then you send the activation key with a nice
> letter, to the email you have on file for the demexp account holder.
> The user can then activate the account themselves.

Ok.

But what should I do for the first requester that has the wrong email
(i.e. not in my file)?

> There is no confirmation screen when activating the account, but I should add
> one.

You've added one, thanks.

> Apart from husband & wife, and parents & children, I don't know anybody who
> share their email regularly, and especially not with untrusted persons.
> If we can verify the email is the same, or if the Drupal user can use the
> confirmation key in the email you'll send them, then that's the best
> authentication we can do at this stage.

I agree.

> 3- existing Drupal user, new demexp user.
> ***********
>
> A Drupal user who does not have a demexp account yet (it will probably be the
> most comment scenario when we become popular).
> They can use the form online to ask for a demexp account.
> When they submit the form, YOU will receive an email, with their email
> address, their real, full name (which I do NOT store on the site!), and a
> small comment with their PGP key is they have one.

Very nice design (the PGP/GPG key and the full name not stored).

> You will also get a creation/activation key. You must be logged in into your
> own Drupal account to use this key.

Yep.

> By following the link, you will be asked to enter the demexp account name.
> Submit and the account name is saved, and the voting rights are activated.
> You must sent the user an email as usual with the password, etc.

Ok.

What should I do if i *don't* want to activate the account?


> 4- The email of the 'official demexp account manager' is configurable. This
> person also needs a special right to be able to activate the account online.
> David is this person today, the only one to have this right on the site but
> can be someone else later.

Ok. At one point in the future, we will probably need several
'official demexp account managers' on Drupal. But we could use an
alias email for that.

> 5- The system is designed so that the 'official demexp account manager' does
> not know which Drupal user they are activating the account for. So, later, an
> 'account manager' who does not have a direct access to the server, does not
> need to know the real identity the drupal users. Their job is only to manage
> demexp accounts.

Nice design.

> 6- This is important for what may be implemented much later.
> Ketty read my mind earlier this week (or last week). My proposal for a more
> secure account verification protocol, the proposal I said I would tell you
> more about later, DID include setting up something that could become a third
> party account verification system.... but I still don't want to talk about
> details now (we still have much more urgent work to do).

Ok. This is interesting stuff where I don't know much.

> 7- Once setup, the demexp account name cannot be changed. (at least, not now).
> I.E., it is set up and the account is activated when the identity is
> verified, but then it stays the same. Without this activation, the user
> cannot vote on the web.

That might be an issue (not sure). We will see. In the meantime, I
suppose it is possible to hack the database to fix such issue?

> 8- The same demexp user name can only be used once in the drupal site.

Ok.

> 9- When login in, users are given the choice between convenience, or security:
> remember the password or not. Try the different options, and you will notice
> several differences of behavior, even after you log out. I store the password
> on the DB only if they ask me to. This option can be reverted later, and the
> password will be deleted from the DB.

You mean, the demexp account password?

Once again, nice design.

> 10- Technically, I no longer use the profile.module for this. Its behavior was
> a bit buggy, and not flexible enough for this. I have create my own
> demexp_users table in the DB and handle it directly.

ok.

> 11- When browsing the site, reload the page so you download the updated
> version of style.css.

ACK

> Please, do try to test all options. Try entering the wrong username, the wrong
> password, etc... If you do anything wrong, the system should handle it
> properly.

I've started that. ;-)

> Also, take good notice of all the English messages. If we want to translate
> later on, the English strings must be stable, and clear enough. If we change
> the English description in the code AFTER the translation has been done, the
> translation will be lost.

How is the translation handled in Drupal?


Once again, many thanks for the hard work. There are some bugs to fixe
or small details to polish but overall the design and working seems
pretty functional to me.

Best wishes,
d.