From 7d33224f80ea789b6855947740c7ae2b892aea40 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 15 Aug 2024 12:04:37 -0500
Subject: Reduce UI complexity

Providing both the "Enter Verification Token" and the "Send Verification Email" elements of the same user interface seems to confuse users. This commit ensures that the system will provide one or the other, but not both, depending on whether or not there is a pending verification token present for the user.
---
 gn_auth/auth/authorisation/users/views.py | 19 +++-
 gn_auth/templates/users/unverified-user.html | 148 +++++++++++++++------------
 2 files changed, 100 insertions(+), 67 deletions(-)

diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py
index 0922e1e..8559696 100644
--- a/gn_auth/auth/authorisation/users/views.py
+++ b/gn_auth/auth/authorisation/users/views.py
@@ -313,14 +313,29 @@ def list_all_users() -> Response:
 def handle_unverified():
 """Handle case where user tries to login but is unverified"""
 form = request_json()
+ email = request.args["email"]
 # TODO: Maybe have a GN2_URI setting here?
 # or pass the client_id here?
+ with (db.connection(current_app.config["AUTH_DB"]) as conn,
+ db.cursor(conn) as cursor):
+ cursor.execute(
+ "DELETE FROM user_verification_codes WHERE expires <= ?",
+ (int(datetime.now().timestamp()),))
+ cursor.execute(
+ "SELECT u.user_id, u.email, uvc.* FROM users AS u "
+ "INNER JOIN user_verification_codes AS uvc "
+ "ON u.user_id=uvc.user_id "
+ "WHERE u.email=?",
+ (email,))
+ token_found = bool(cursor.fetchone())
+
 return render_template(
 "users/unverified-user.html",
- email=request.args["email"],
+ email=email,
 response_type=request.args["response_type"],
 client_id=request.args["client_id"],
- redirect_uri=request.args["redirect_uri"])
+ redirect_uri=request.args["redirect_uri"],
+ token_found=token_found)
 
 @users.route("/send-verification", methods=["POST"])
 def send_verification_code():
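Review bot: The new lookup in `handle_unverified` is keyed on `request.args["email"]`, so the page now renders differently depending on whether that address has a pending row in `user_verification_codes`; if the route is reachable without an authenticated session (its decorator sits above the hunk and is not visible here), the response reveals which addresses are registered but still unverified. Consider taking the address from server-side login state rather than the query string, or rate-limiting this endpoint. Separately, the result only feeds `bool(cursor.fetchone())`, yet the query selects `uvc.*`, which reads the verification code itself into the process; `"SELECT 1 FROM users AS u "` with the same join and `WHERE` clause is enough. The `DELETE` of expired codes also runs as a write on every hit of this page, and whether `db.connection` commits on exit cannot be confirmed from the hunk.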
diff --git a/gn_auth/templates/users/unverified-user.html b/gn_auth/templates/users/unverified-user.html
index 0ce141d..5005555 100644
--- a/gn_auth/templates/users/unverified-user.html
+++ b/gn_auth/templates/users/unverified-user.html
@@ -7,69 +7,87 @@ {%block content%} {{flash_messages()}} -

Verify Your E-Mail

- -
- Email Verification - -

In order to reduce the number of bots we have to deal with, we no longer - allow sign-in with users who have not verified their accounts.

- -

We know this is annoying — especially if you already have an account, - and have been using it just fine — however, we have found that without - this check in place, we will get overrun by silly bots, which will ruin - every user's experience.

- -

- Do bear with us, enter the verification code you received via email below: -

- - - - - - -
- - -
- -
- -
-
- -

Send Verification Code

- -
- Send Verification Code - -

If you have not received a verification code, or your code is already - expired, provide your GeneNetwork password and - click the "Send Verification Code" button below and we will send - you a new verification code.

- - - - - - -
- - -
- -
- - -
- -
+
+

Verify Your E-Mail

+ + {%if token_found:%} +
+
+ Email Verification + +

Your email is not verified. We do require that you do.

+ +

Since you are seeing this, it means an email was sent to you with a + verification token, that you are expected to provide below. Please do that + and click the "Verify Email Address" button to verify your + account.

+ + + + + + +
+ + +
+ +
+ +
+
+
+ {%else:%} +
+
+ Send Verification Code + +

Provide your password below, and we will send you a verification password + to your email.

+

You are seeing this page because:

+
    +
  1. You already had an existing account.
    + In this case, you will need to request a verification code by + providing your email below and clicking the + "Send Verification Code" button.
    + We will send you an email with both: +
      +
    1. a link you can click to verify your email, and +
    2. +
    3. a token to copy and paste if you choose not to follow the link. +
    4. +
    +
  2. +
  3. You registered your account recently, but did not verify it within the + time period allocated for that. In this case, simply request a new + verification email below, and follow the link, or copy and paste the + token in the email we send you.
  4. +
+ + + + + + +
+ + +
+ +
+ + +
+ +
+
+ {%endif%} +
{%endblock%} -- cgit v1.2.3
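Review bot: The copy in the new `{%else:%}` branch gives the user conflicting instructions about which credential to type: the lead paragraph says `Provide your password below, and we will send you a verification password to your email`, while the first list item says to request a code by `providing your email below`. On a sign-in page, calling the emailed value a "password" in one place and a "code" or "token" in others makes it easier for users to enter the wrong secret in the wrong field. I would use one term throughout and make the lead sentence match the form, for example `Provide your password below, and we will send a verification code to your email.` The markup is stripped in this rendering, so which fields the form actually presents cannot be confirmed from here.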