Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't require twitter #235

Merged
merged 204 commits into from
Feb 10, 2023
Merged

don't require twitter #235

merged 204 commits into from
Feb 10, 2023

Conversation

colons
Copy link
Member

@colons colons commented Dec 12, 2022
edited
Loading

authentication stuff:

  • allow new local accounts to be created with usernames and passwords
    • don't allow creation of local accounts with usernames that match the @ of any existing request that has not had its account claimed by a local user
  • allow new local accounts to be created with twitter authentication
  • allow existing local accounts to adopt twitter accounts (and their request history) by authenticating with them
    • only allow this once
  • unify user pages
  • make stats correctly rank the two different kinds of Voter, without duplicates (continue from e67d3a8)
  • allow existing local accounts to adopt password login when they're only using twitter auth
  • extend the tests (i will do this over time. it cannot ever be completed):
    • hit every page as a user with/without both twitter auth and a usable password
    • add more fixtures for users in different states. look at all their profiles
    • test our hyper-specific twitter auth flow and its error messages
    • hit every page as an elf and not an elf, where possible
  • always make a profile object against users when they are created or accessed
  • resolve every new XXX comment
  • remove every tweepy import
  • enforce good passwords. django has tools for this.

user management:

  • make sure being authenticated doesn't provide access to staff- or elf-only features (this might require creating a elf group?)
    • the check metadata view
    • /vote-admin/requests/
  • stop logging the contents of forms protected by trivia by default
  • allow profile editing
  • allow password editing
    • provide a form that's not the stock django admin one
  • make the profile editing form not look super broken when an avatar is set
  • have a placeholder avatar that isn't noise.png
    • apply it to unlinked TwitterUsers, too

basic workflow:

  • change request links to point to a request form instead of a twitter intent

moderation tools:

  • support, at the very least, the same condemn controls that are allowed for twitter users

communications:

  • update the readme to explain how things work now
    • explain how it differs from the way things used to be (not done, see 993bbc2 for my thoughts on why this was a bad idea)
  • probably go on the show to talk about this

@colons
Create a way to represent a local request.
4a76b50
@colons
Adopt PEP 673 a little.
04c6900
@colons
Actually, don't adopt PEP 673 at all.
d2bc55d 
mypy isn't ready yet, and im not convinced it matches these purposes
anyway.

This reverts commit 04c6900.
@colons
Placate flake8.
30cb4d1
@colons
Create a Profile model for storing nkdsu-specific user information.
dd21e70
@colons
Placate mypy.
a186cf9
@colons
Fix some version specs in the requirements file.
c0d205d
@colons
Update some requirements.
9b3860b
@colons
Allow profile display names to be empty.
5709eb0
@colons
Make a (currently template-less) profile update view.
456f0bb
@colons
Merge branch 'main' into dont-require-twitter
729213a
@colons
Merge branch 'main' into dont-require-twitter
44faa18
@colons
Reflect changes to the 'folks/' url prefix.
ad98e10
@colons
Only test the profile editing form when logged in.
ee778c5
@colons
Make a template for the profile update view.
6b5e434
@colons
Don't log out before hitting these login-required URLs.
72a5af4
@colons
Self-close this input tag.
c723a15
@colons
Sketch out a form for adding Votes.
074bd80
@colons
Don't manually 404 when someone tries to edit an anonymous profile.
6acb38a
@colons
Make a page for the vote form to live on.
9b9a5b2 
Also, abstract out the display of show dates to a dedicated include.
@colons
Placate black, at least a bit.
f479f5c
@colons
Replace twitter intent links with internal request links.
b37a665 
The form does not yet show you what you're requesting. This is a
problem. It also probably shouldn't open in a new tab.
@colons
Populate the selected track list from the ?t parameter.
1b91bbd
@colons
Don't specify an action for the vote form.
bfb4cac 
It's not needed.
@colons
Constrain and explain the vote 'text' field.
c30092e
@colons
Don't visually imply that you should write an essay against a request.
026cb7b
@colons
Cover VoteView in the Instant Coverage tests.
38b4588
@colons
Give up on using a form field for tracks in requests.
4a89143 
The view should do this every time. There's no reason for it to ever
pass through the user's hands.
@colons
Stop opening the vote form in a new tab.
1b361cd 
It's not an external site any more.
@colons
Indent the login template.
837a168
colons and others added 27 commits February 10, 2023 12:50
@colons
Placate some linters, including myself.
f70f150
@colons
Remove an instance of the now-removed "successful" field.
59e4377
@colons
Remove a pointless empty section.
50d4af9
@colons
Stop letting Django generate invalid HTML for us.
17727f7 
Also, remove a CSS hack that was only necessary due to this HTML being
as broken as it was.
@colons
Override the clearable file field template to be exactly the same.
75aacd1 
This template is just stolen directly from Django's, with some
whitespace changes. Now, I need to actually fix the problems I have with
it.
@colons
Try to make the file field a bit more reasonable.
089f3b6 
I'm still not happy with this. The way these forms are laid out just
does not mesh with the way these widgets work, and it ends up looking
kinda ugly.

This, at least, makes it look less broken.
@colons
Fix our test URL lists.
3585bb3
@colons
Provide a profile for looking at in tests.
89a0b33
@colons
Expect the cat's backup website to work.
ffcea12
@colons
Cache tracks with a key including per-user eligibility.
1a51838 
This will probably make the website noticably slower in some cases. It's
necessary, though, or you'll get a random other user's eligibility
state.
@colons
Cache Show.current() for two whole seconds.
b4de2da 
This method gets called a lot, so this should help things.
@colons
Catch another 'thisisthecat.com'.
fbd0d78 
I actually caught this one the first time, I just didn't save the file.
@colons
Move the profile creation signal so that it's an addressable function.
1a98fb3
@colons
Test the whole site as staff.
714f240
@colons
Make an everything test for elfs. Fix the non-staff tests.
953ae1f
@colons
Stop mentioning twitter in the README.
993bbc2 
We had talked about mentioning what has changed as a result of #235
here, but on reflection, I don't think that makes much sense. Existing
users are going to behave habitually, and we have placed a net to catch
them in the form of the login page. There's no reason to mention any of
this stuff to new users.
@colons
Give up completely on making the Elfs group at startup.
8fd41d4 
It was never really necessary to do it at times other than migrations.
@colons
Fix an elfs-related import.
ef1f083
@colons
Don't worry about delaying is_elf importing any more.
0a913ad
@colons
Be very explicit about why we're asking people to disconnect.
9d0038e 
I think opening with this is a good idea, just to make sure we're on the
same page as the reader. Without this context, it might be possible for
someone to come away being unsure why we want them to do this, and I can
imagine that being a pretty confusing experience.
@colons
Add a missing comma.
dbdba6f
@colons
Use shorter sentences.
d65908a
@colons
Explain why we recommend signing in with twitter in the first place.
ba7d738
@colons
Stop mixing and matching 'logged in' and 'signed in'.
49b960a
@euricaeris @colons
Break up this run-on sentence a bit.
993e0e9
@homsar
add placeholder icons
f501726 
four icons, each in 24 hues, generated programmatically.
the only thing changing between icons is the <path> element,
and the only thing changing between hues is the fill: style on that path.
@colons
Adopt these new placeholder avatars.
08d21df
@colons colons merged commit 0dedc13 into main Feb 10, 2023
@colons colons changed the title draft: don't require twitter don't require twitter Feb 10, 2023
@colons colons deleted the dont-require-twitter branch February 26, 2023 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@colons @euricaeris @homsar