Skip to content
This repository has been archived by the owner on Jun 13, 2020. It is now read-only.

Emailverification for creating offers #71

Open
6 tasks
chaoran-chen opened this issue Apr 7, 2020 · 1 comment
Open
6 tasks

Emailverification for creating offers #71

chaoran-chen opened this issue Apr 7, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@chaoran-chen
Copy link
Member

We want to make sure that created offers are authorized by the owners of the given email address.

The user already receives an email after creating an offer. The email contains a link that leads to a page on which the user can see the entered information and edit them. The mails look as following:

Dear [...],

Thank you very much for providing lab resources and/or staff to support the fight against Corona.

You can use the following link to see the details of your offer: https://pirat-tool.com/change/[...]. [...]

Now, a new offer should be deactivated until the user clicks on the link for the first time. I suggest the following steps:

  • Add the column activated to the database table offer.
  • The field is set to false when creating an offer through POST /resources.
  • The search API endpoints GET /resources/consumables, GET /resources/devices, and GET /resources/manpower should only return offers that are activated.
  • The endpoint GET /resources/offers/{token} should also the activated field.
  • Add the endpoint POST /resources/offers/{tokek}/activate that activates an offer when called.
  • Change the text of the offer confirmation email.
@Timo-Weike Timo-Weike added the enhancement New feature or request label Apr 9, 2020
@Timo-Weike
Copy link
Member

How does the process look to add a column to a table is it just editing the init.sql file to include the new column?

Also how could the link be generated? Is there some example in the code to look for on how to generate it? And also don't we need to somehow persist a token for the activation?

Like if some offer is made the link is pirat-tool.com/a/{activationToken} and we then have to somehow link the activation token to the new offer.

I think we should include a new table like

create table activation
(
	id serial not null
		constraint activation_pkey
			primary key,
	token text not null,
	offer_id integer
		constraint activation_offer_id_fk
			references offer
				on update cascade on delete cascade,
        due timestamp not null
);

The due column could be used to clean up activation request that were never activated.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chaoran-chen @Timo-Weike