-
-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default to using InvitationKeys model for locking down a server #1452
Comments
@swombat can you talk a little more about your use case here? Generally invitation keys (as they're implemented today) are designed to be something that the developer sets up, they're not intended to be created by end users. I'd be interested in hearing about whatever you're doing that has you changing them frequently enough for this to be a problem you'd like to solve. |
Well, Invitation Keys are an early concern for an app, so that would argue for them not having a long-term model... but (at least for me) the natural use is you set up a key for a given user and you then send them the link. They use it, and then possibly you remove the key to prevent it being shared around. For example, I set up specific invite keys with someone's name in them. And someone just invited me to a BT app and the invite key was a long hexadecimal string. The consequence of this is that invite keys change. With the default setup, each time they change, the server has to be restarted. That's not great. They also can't be created or removed easily - you have to mess with the server's environment variables. To me the obvious solution to this was to have a convention (likely true) that whoever signs up first can lock down the signup process by adding at least one invitation key, and can edit those in the app. In my apps I end up making this model only visible to the site admin team id, but that would require shoehorning another concept (site admin) into BT so maybe not viable (though my elegant hack for this is it's specified by an env variable - or the very first team to sign up if the env variable is empty). This avoids the issue of restarting the server whenever invite keys are issued. |
Thanks for the deets, @swombat. I don't think the current implementation is intended for the use-case that you're describing. I think it's really intended more for a relatively short beta period where you'd be giving a single shared invite code directly to somewhat trusted beta testers. I wouldn't be opposed to exploring if we can offer something closer to what you're describing, but my initial gut reaction is that this kind of thing is going to vary quite a bit from app to app, and might be more of an "app concern" than a "framework concern". You already touched on the idea of whether "site admins" are the only ones who could make invitation codes, and I think there are lots of related questions that would be hard to answer in a general "this should work for everyone" kind of way. Stuff like:
@gazayas @kaspth @pascallaliberte @andrewculver, do y'all have any thoughts on this? |
@swombat interesting! I don't know if I'm understanding the use-case correctly, because I wonder if this could be accomplished with a feature flag via something like Flipper/Flipper Cloud? Then you could grant the Once the private |
I definitely agree that this is more of a framework concern than an app concern, and this may not be a fit for BT ideology especially since the uuid keys that we issue out when sending an invite to a unregistered user (in a standard BT app without HOWEVER, I don't think that @swombat's idea is completely off/wrong, and I just think that a big part of why it's a framework concern for us is because of the Team setup that comes stock in BT. When a new User is registered, they're required to belong to a Team, and if they haven't been given an invite, they get a default Team with admin abilities. If the app is eventually freed up to everyone they'll still be able to create their own Team with admin abilities (as opposed to only being a User that doesn't have a We already have a exclusive member-identifying key setup with invitations for the main functionality of BT to protect the Teams themselves, so maybe I just need to see a more specific example to understand the use-case. With that being said, I don't think we have to throw away @swombat's idea completely, but we could potentially put a compatibility layer on top of what we have so to speak as opposed to reworking the User registration (or Invitation Only mode) logic. Like @kaspth said,
That might be the first direction we want to go in to make things configurable for Users. |
I mean, an invitation system can be as complicated as you can dream it up... 😅 It feels to me that since BT has any invitation system it already has accepted the idea that this is a SaaS framework concern. That said I don't think that means that BT needs to handle all possible edge cases (expiration keys, enabling invitees to invite more people, etc)... but imho it does need to be a little bit more functional than it is now. I wanted to give each person an individualised invitation. And no, I don't want to invite them in my team, I want them to be able to sign up to their own team. It was quite frustrating with the default BT system to have to restart the server each time I changed the invitation codes. FYI I have made a minimal invitation system as a generator here, since I was about to code up this exact same thing on the third site in a row now: It doesn't even need the |
Oh and the new method didn't even need touching the concern. Weepee. |
Having to restart the server each time you want to change the invitation keys is a bit clumsy.
A simple solution I've implemented is to define a very simple
InvitationKeys
model.Then, redefine the
invitation_only?
method inbullet_train.rb
:And then eject the
invite_only_support.rb
concern to replace theinvitation
method with:This way, the first user to sign up can add an invitation key via their dashboard, and the moment they do, the app is locked down by invitation code. If they remove all invitation codes, the app is open to free signups again.
If the dev wants to make this invitation_keys table visible only to the "site admin" they can code that themselves.
I'm not sure:
Open to discussion.
The text was updated successfully, but these errors were encountered: