Set up registration/login #4
Description
Login modes
Maybe only support GitHub login?
Other options:
- Email login
- Mobile phone login
- Traditional username+password
All of these but the last one would probably help us out a lot with keeping bots/spammers out
I'm kind of a fan of just doing GitHub login as the one and only way. Some might argue that requiring GitHub creates a barrier to non-techies, but the process of merely registering for a GitHub login is as user-friendly as registering on any other site and then that puts us in a world where it's safe to assume that anyone who has registered on codeforphilly.org is just one more step away from being able to participate in discussion boards on github or comment on issues or use Projects kanban boards. This will enable us to lean hard into leveraging everything GitHub has to offer for fueling projects while positioning us well to be able to automate things and match up activity in GitHub with CfP users (e.g. imagine that while creating a new project on cfp.org you can check a box to have it set up a best-practices github repo to link with the project, or collaborators automatically get added when a project lead accepts a new volunteer)
Migrating old accounts
Unless we do traditional username+password login, we won't be able to do a seamless migration of old user accounts to the new site. The existing user database is full of spam/bot registrations though so that might be a good thing. We could import the entire legacy user database as a secondary table for reference and then maybe have some kind of process to match old accounts on login (maybe automatically via email addresses on file at github)
We could automatically generate user accounts in the new table for anyone who is a creator/updater/author of any objects in the database to maintain referential integrity and credit. Other than comments we've mostly done a good job deleting anything spammy so this should be a pretty clean set of users, and maybe we just leave comments behind entirely or only pull in comments+users for those who have authored literally anything else but a comment in the system
CfP.org is the identity provider for our Slack workspace so that's another consideration. Our username field is the persistent identifier between CfP.org and Slack accounts so that's a really good reason to have a pretty seamless process to match up with existing user accounts when people log in. We could do that totally seamlessly and transparently in any case where someone's existing CfP account has an email address that matches any of the emails on file on their GitHub account. The flow could be:
- Log into the new cfp.org with github
- Detect first login and check legacy user table for matching email address and auto-import
- You're in Slack
The case where this could break down is if someone has an old/alternative email on their CfP.org account that doesn't match any of the ones in their github. To mitigate this we could have a screen you see after your first login that either tells you that your old account was found and migrated, or telling them that no existing account was found and if that's a mistake and they did already have an account give them a little form for looking up and "claiming" an old account that drops a message into an admin slack channel for someone to spot-check and hit approve on