MILESTONE -- Account Verification #10

Open
27 tasks done
jeturcotte opened this issue Oct 31, 2019 · 13 comments
Labels
Authentication Any task tagged with this will add or modify authentication practices Email Notifications Any task tagged with this will add or modify email-to-user functionality User Account Any task tagged with this will add or modify user account functionality

@jeturcotte
Collaborator

jeturcotte commented Oct 31, 2019

Users who exist and are able to log into and out of accounts have various reasons why they may need to be able to receive email notifications. This milestone invents the capacity to send our users these messages.

  • RESEARCH: https://github.com/szabgab/perl6-Email-Send
    • LEARN about sendmail
    • CONSIDER alternatives
  • TASK: establish a means of sending email to the email listed in any given account
    • Install a sendmail interface like the one listed above
    • Create a generic in-cro function that will accept an account and message content and will send that combination as an email
  • TASK: Create a data storage for temporary single-use tokens that will be used to help new users verify their accounts
    • Part of the point is to PROVE the email they gave us is real AND belongs to them
    • The other part is to put up an annoying barrier in the way of bots clogging our system with fake accounts
    • Create a data store; you can use SQL or you could try using REDIS
    • Add space to store the account identity and a uniquely generated token
  • TASK: create a function that will generate a unique token
    • (consider looking up UUID)
  • TASK: create a function that uses the email sending function to specifically send an account verification email
    • Take in an email
    • Take in a user name
    • Take in a token
    • Generate a 'please verify by clicking here' email template (plain text is fine for now) using these details
      • This template should thank them
      • This template should ask them to verify
      • This template should print a link to /verify/$email/$token$
    • Call the generic email sending function
    • Return success or failure, depending
  • TASK: Create a /verify/ endpoint
    • Use POST to receive /verify/$email/$token
    • Look in the data store for the pairing of email and token
    • If they are present, mark the account as verified
      • and return a thank you html page
    • If not present, do nothing but return a thank you page, too
      • This way bots cannot learn who is or is not in our system
@jeturcotte jeturcotte added this to the MILESTONE -- Notifications milestone Oct 31, 2019
@jeturcotte jeturcotte modified the milestones: MILESTONE -- Notifications, Feature Set - USER Systems Oct 31, 2019
@jeturcotte jeturcotte changed the title MILESTONE -- Notifications MILESTONE -- Account Verification Oct 31, 2019
@jeturcotte jeturcotte added Authentication Any task tagged with this will add or modify authentication practices Email Notifications Any task tagged with this will add or modify email-to-user functionality User Account Any task tagged with this will add or modify user account functionality labels Nov 1, 2019
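
The token store, token generator and /verify/ behaviour from the task list above, as an added sketch that is not part of the issue or the project's Raku/Cro code. It is written in Python, swaps the suggested UUID for a CSPRNG token, and assumes an in-memory dict in place of SQL/Redis, a 24-hour lifetime, and hypothetical function names.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: the issue only says "temporary"
THANK_YOU_PAGE = "<html><body>Thank you!</body></html>"

# Hypothetical stand-ins for the SQL/Redis store and the accounts table.
pending = {}      # email -> (SHA-256 hex of token, expiry timestamp)
verified = set()  # emails whose accounts are marked verified


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(email, now=None):
    """Create a token; store only its hash, return the raw value to be emailed."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    pending[email] = (_digest(token), now + TOKEN_TTL_SECONDS)
    return token


def verification_link(base_url, email, token):
    """Build the /verify/$email/$token link, percent-encoding the address."""
    return f"{base_url}/verify/{quote(email, safe='')}/{token}"


def handle_verify(email, token, now=None):
    """Body of the /verify/ endpoint: same page whether or not the pair matched."""
    now = time.time() if now is None else now
    # Unknown emails get a dummy record so the same work is done either way.
    stored_hash, expiry = pending.get(email, ("0" * 64, 0.0))
    if hmac.compare_digest(stored_hash, _digest(token)):
        del pending[email]       # single use: a replayed link finds nothing
        if now <= expiry:        # an expired token is consumed but not honoured
            verified.add(email)
    return THANK_YOU_PAGE
```

Storing only the hash means a leaked copy of the token table cannot be replayed as working verification links.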
@ajbuchholz
Contributor

Hey Josh,

We were looking at the Cro documentation today. A couple of minutes ago we learned that Cro has an Authentication Module. What Peter, Francesco, and I want to do is get together this Monday and rewrite the authentication on the server. After that is done, we will move on to email and two-factor authentication. We just want to make sure that we are doing authentication in the best way possible. So expect commits and such based on authentication. We will still be working out of the feature/CRO branch; however, it will no longer be "crotest", instead it will be called "cro."

@jeturcotte
Collaborator Author

Good find, @HermesTheDev ... go for it.

@ajbuchholz
Contributor

Good news. The CRO Authentication Module works; sessions and cookies are more secure and way easier now. I committed the stuff to the CRO/cro directory.

@peteryn
Contributor

peteryn commented Nov 11, 2019

Adrian and I have been trying to get CRO to send an email for verification.
We have tried

  • Email::Simple
  • MIME
  • LibCurl
    Libcurl leaves us needing an smtp server to deliver messages. We could try to set up an smtp server using google's services but we are limited to 2000 messages a day and we don't want to be dependent on google.

We will keep investigating but we will need help setting up our own smtp server Thursday.

@jeturcotte
Collaborator Author

That may well be a @mattva01 question. If we end up dependent on anyone, I'd rather AWS over google.

@ajbuchholz
Contributor

TO DO
(Things Currently Don't Work | Still Pushing Changes)

  • Verify User (Matching and Updating)
  • Figure Out why Usernames are Immortal
  • SMTP server not to SPAM (Jeff)
  • IRC Chat

@jeturcotte
Collaborator Author

What's this about IRC? Will be there tonight

@peteryn
Contributor

peteryn commented Nov 20, 2019

11/20/19
We are still having issues with seeing what a select statement in raku. We fixed gitignore and we have the update table statement ready.

@ajbuchholz
Contributor

11/21/19 Evening Update
Email Verification Now Works. Things we need to do.

  • Documentation
  • Make sure the user can't sign in until they verify their account
  • If the account is not verified and the user tries to sign in, redirect them to the verify post.

@ajbuchholz
Contributor

Everything has been accomplished. We will be working on Documentation and other various things.

@jeturcotte
Collaborator Author

OOF, okay... I'll reread a bit and write some new material... maybe even upload a sketch or two.

@jeturcotte
Collaborator Author

It's a good time for y'awlz to experiment with creating a pull request; I'm not quite yet ready to start writing out the next one... so if you run out of things to do, do a little research on how anyone may have done unit testing in raku/p6 and play around with that for a bit. I shan't be super long.

@jeturcotte
Collaborator Author

We don't want to get too far along without it and then have to endure the backlog of adding them... better if we get in early and add them one by one along the way.
