Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Email - Part 1 #2752

Merged
merged 107 commits into from
Dec 9, 2014
Merged

Email - Part 1 #2752

merged 107 commits into from
Dec 9, 2014

Conversation

rohitpaulk
Copy link
Contributor

Work in progress.

Read #2312.

Send verification email on email add/change
Add new page for verifying email.

Once this is merged, existing users will be able to add a verified email to their Gratipay account.

  • Add emails table.
  • Create a verification endpoint. Check for correct hash, and time < 24 hours(?).
  • Add UI to show verification status on account page
  • Add resend verification email button, and corresponding notifications
  • Create mandrill test key for Gratipay (need help here)
  • comprehend security concerns wrt injection into email templates
  • send notification to old email address
  • standardize on nomenclature: "confirm" vs. "verify"
  • i18n for emails (skip for now)
  • i18n for callback (skip for now)
  • review and improve success/failure messaging on callback
  • add uniqueness constraint to email address
  • use email instead of email_address (ref) IRC
  • sort emails by status (primary, verified, unverified) then alphabetically (ref)
  • record status switches in events (ref)
  • allow to hit enter when entering an email address (ref)
  • throw "already attached" error when first adding an email, not just when verifying (but also throw it then, of course) (ref)
  • fix bug with account merging (ref)—Fix safely_reserve_a_username #2981
  • decide if we actually have a sign-out bug on this PR (ref)—reticketed signing out from certain pages fails falsely #2991
  • allow user to dismiss email cta permanently (ref) IRC
  • make sure we're going to be able to pledge to emails with this schema (ref)
  • confirming a second email address shouldn't change which is primary (ref, ref)
  • verification should land me back at accounts/#email with a notification rather than a separate page that is two clicks from where I started (ref, ref)
  • merge emails during account take over (ref)
  • connecting the same address twice should say as much (currently says "connected to a different account")
  • "Success" and "Failure" notifications are too generic. Let's be more specific.
  • text/plain messages have too much leading whitespace (IRC)
  • don't choke on verification of email addresses with a + in them. (ref)
  • adding an already-added email shouldn't refresh page (ref)
  • is there a bug re: one non-primary account? (ref)
  • make me sign in to complete verification (ref)
  • add a "Resend verification email" button to the Verification Failed page (ref)
  • make sure we're sending a notification to the old address

After this is merged, we'll have to:

  • Utilize the elsewhere email addresses and (ref) those in the email column to send initial verification emails—this is in branch.py.
  • Delete the email column once the above step is done.

@rohitpaulk rohitpaulk added this to the Email milestone Sep 9, 2014
@rohitpaulk
Copy link
Contributor Author

Testing Mandrill - success 😄

screenshot from 2014-09-10 01 25 42

@clone1018
Copy link
Contributor

!mmmmmm @rohitpaulk

@rohitpaulk rohitpaulk force-pushed the email-step-1 branch 2 times, most recently from de55e51 to eae6c00 Compare September 10, 2014 18:31
@rohitpaulk
Copy link
Contributor Author

grati1

When a user adds an email or changes to a different one -

grati2

User receives an email with a link (Better formatting to be done)

grati3

Clicks on the link, taken to gratipay

grati4

Unverified label not shown under account page

grati5

@chadwhitacre
Copy link
Contributor

Nice! Keep up the great work! :-)

@seanlinsley
Copy link
Contributor

💙 💛 💚

@rohitpaulk
Copy link
Contributor Author

@clone1018 @seanlinsley @whit537 - Looks like this is done :) Any thoughts on improving the email text?

@chadwhitacre
Copy link
Contributor

Rebased on master.

@rohitpaulk
Copy link
Contributor Author

These errors are occurring because the Mandrill keys aren't set properly (I deleted mine as they were interfering with my sender reputation on Mandrill)

@chadwhitacre
Copy link
Contributor

Tests pass now.

@chadwhitacre
Copy link
Contributor

But this is a test key, which doesn't actually send mail. If you want to test that you have to set up your own key.

@Changaco Changaco force-pushed the email-step-1 branch 4 times, most recently from 15d7692 to b66bafe Compare October 3, 2014 14:56
@Changaco
Copy link
Contributor

Changaco commented Oct 3, 2014

I think this is ready for final review.

@chadwhitacre
Copy link
Contributor

How do I remove my email address? I don't see an "X" like with accounts elsewhere. I tried entering the empty string but got a failure message. Do we want to support removing an email address?

@chadwhitacre
Copy link
Contributor

I'm thinking about the format of our email messages. Do we want fancy HTML messages with images? Probably.

@chadwhitacre
Copy link
Contributor

  1. Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
  3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
  4. Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
  5. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
  6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
  7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

CAN-SPAM Act: A Compliance Guide for Business

@chadwhitacre
Copy link
Contributor

If it contains only transactional or relationship content, its primary purpose is transactional or relationship. In that case, it may not contain false or misleading routing information, but is otherwise exempt from most provisions of the CAN-SPAM Act.

@chadwhitacre
Copy link
Contributor

I'm working on the design of the emails:

screen shot 2014-10-06 at 3 26 40 pm

""", locals())
self.set_attributes(email_address=email)

def verify_email(self, email, nonce):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are we using different error handling patterns here? We return in most cases, but we do raise once as well.

Why are we using complicated nesting?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in a79ed2f and dd61c5b.

chadwhitacre added a commit that referenced this pull request Dec 9, 2014
@chadwhitacre chadwhitacre merged commit ba26bbe into master Dec 9, 2014
@chadwhitacre chadwhitacre deleted the email-step-1 branch December 9, 2014 18:23
@chadwhitacre
Copy link
Contributor

💃

@chadwhitacre
Copy link
Contributor

I sent a test message from our production Mandrill account using their dashboard, and it comes through all right:

screen shot 2014-12-09 at 1 36 51 pm

@chadwhitacre
Copy link
Contributor

I verified that we have MANDRILL_KEY set properly in production.

@chadwhitacre
Copy link
Contributor

I just reviewed our sending options:

screen shot 2014-12-09 at 1 47 14 pm

@chadwhitacre
Copy link
Contributor

I reviewed all of the settings in Mandrill.

@chadwhitacre
Copy link
Contributor

I deleted an (oauth?) app because I don't think we need it. We just need to post to their API.

@chadwhitacre
Copy link
Contributor

IRC

@chadwhitacre
Copy link
Contributor

Ran branch.py for admins:

[gratipay] $ heroku config -s | honcho run -e /dev/stdin ./env/bin/python branch.py > branch.log
[gratipay] $ cat branch.log 
sending email to rohitpaulk (1/4)
sending email to seanlinsley (2/4)
sending email to whit537 (3/4)
sending email to clone1018 (4/4)
[gratipay] $

@chadwhitacre
Copy link
Contributor

screen shot 2014-12-09 at 2 24 32 pm

@chadwhitacre
Copy link
Contributor

Mails sent! branch.py pruned in a1d7d9f.

@chadwhitacre
Copy link
Contributor

Regressions: #2994/#2996, #2995, #2997

@chadwhitacre
Copy link
Contributor

The first three batches of emails have gone through. We're at 140 verifications out of 747 deliveries = 10%.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants