Standardize direct verification for one-time participation

[NilHomedes]

Is your feature request related to a problem? Please describe.
In Decidim we have seen that there are two types of participants:

• One-time participants: Those who access once to perform a specific action (such as voting on participatory budgets) and do not return to the platform.
• Recurrent participants: Those participants who return more frequently to the platform to participate in different processes.

For one-time participants, it is usually frustrating to have to register to perform a single action that also requires verification. So they need to complete two forms to perform one action, sometimes these participants leaves the process uncomplete.

Describe the solution you'd like
I want a feature that enables direct verification without registration, so participants can complete an action without needing to register, just verifying themselves. This feature is designed for short periods of time and specific moments during a participatory process, specially for voting periods.

• This feature should work as a new verification method.
• This feature can be activated/deactivated in different components.
• In the system panel, I should be able to enable ephemeral-verification and link it to another existing verification method (i.e. organization census).
• To enable ephemeral-verification will be necessary to revoke all the verifications. By doing that, we are reducing the possible verifications conflicts that could emerge during the participatory action.

Alternatives

In Barcelona, they implemented the “ephemeral user)” feature, that was a similar approach to that.

Mokcup
Mobile

Does this issue could impact on users private data?
Yes. You are asking for personal data when they are verifying themselves.

Acceptance criteria

• Given I’m a system admin
  When I go to /system
  Then I can enable the method “Ephemeral Verification” and choose a verification method already enabled.
• Given I’m an admin
  When I want to enable permissions in a component
  Then I can select the method “Ephemeral Verification”
• Given I’m an admin
  When I want to enable “Ephemeral verification” in a component
  Then I’m prompted with a modal saying that “In order to enable this authorisation method, you need to revoke all of the existing authorizations. This minimises the risk of verification conflicts.”
  This modal should have a CTA to “Revoke all verifications”.
• Given I’m an admin
  When I enable the method “Ephemeral Verification” in a component,
  Then the permissions apply for that component action.

Flow 1) Visitant

• Given I’m a visitant
  When I want to make an action restricted by the “Ephemeral Verification” method
  Then I’m prompted directly with the verification form.
• Given I’m a visitant
  When I have completed the verification process
  Then an ephemeral session is created.
• Given I’m a visitant
  When I have completed the verification process
  Then I gain access to the action.
• Given I’m an ephemeral user
  When I leave uncomplete the action
  Then the ephemeral session is automatically closed after XX minutes. (according to session expiration time defined)
• Given I’m an ephemeral user
  When I want to quit the component with permisions enabled
  Then I’m prompted with a modal warning me that I will be logged out if I leave this page.
• Given I am a visitant with an existing ephemeral session
  When I attempt to verify myself again using my data that has already been used
  Then my existing ephemeral session is retrieved
  And I can view and edit my previous votes

Flow 2) Registered participant

• Given I’m a registered participant
  When I want to make an action restricted by the “Ephemeral Verification” method
  Then I’m prompted directly with the verification form.
• Given that I’m a registered participant, logged in
  When I click on an action restricted by “Ephemeral verification”
  Then I’m prompted directly with the verification form.
• Given that I’m a registered participant, logged in
  When I complete the authorization form
  Then, I’m verified and I gain access to the action
  And then, the verification is saved in my profile on /authorizations

Edge cases

• Given I am a visitant
  When I attempt to verify myself using the data of a registered participant who has already been verified
  Then a verification conflict occurs
  And I am prevented from proceeding
• Given I am an ephemeral user who has already voted
  When I register and try to verify myself with my information
  Then the data from the ephemeral user is retrieved and merged with the registered participant's account.
  And then I can see and edit my votes.

Retrocompatibilty

• Backport this PR to make it compatible with 0.29 version

[entantoencuanto]

I have tried some things to find a way to deal with the issue:

• Initially I tried to create a new model inherited from UserBaseIdentity. The main advantage of this approach is that the ephemeral users of this model may have a very basic logic and not use the same validations as regular users and all the searches exclude the new type of users. We also can create a session with an ephemeral user of this new model for the specific actions required to verificate and authorize and the rest of the application should behave as when no user is logged in. The disadvantage is that there are a lot of methods and associations involved in the controllers and views expecting a user and not other model when there is a current_user so we should review and adapt them and also change the association of the authorizations model with the users.
• I'll use instead the approach used in the module for Barcelona adding ephemeral users as regular users including the ephemeral user details in extended_data and setting the managed attribute as true
• In some cases I'm going to evaluate the possibility of add a warden strategy to prevent ephemeral users to perform some actions as regular users
• I'll also review the queries involved in searching users to exclude ephemeral users and to prevent the access to the profiles of ephemeral users and send them messages
• About the definition of ephemeral verificacions I have been reviewing the possibility of define workflows with an ephemeral configuration that would lead to a different routes set and devise authenticated users constraint. In this way the existing verifications configurations should not be affected by the new ones

As I progress with the code I will add considerations about the decisions I make.

[entantoencuanto]

Hi, have a question. Will ephemeral users have to accept the terms and conditions explicitly? If so, will they be the same as those of a regular user or different?

cc/ @decidim/product

[andreslucena]

Hi, have a question. Will ephemeral users have to accept the terms and conditions explicitly? If so, will they be the same as those of a regular user or different?

Yes, they need. The same as the general platform is OK.

[NilHomedes]

Hi @entantoencuanto we have a long discussion today with the Barcelona team, and we have some updates on this issue:

The main behaviour don’t change, but we have made some decisions that change a little bit the User Story.

• We want the authorization handler to be generated to be a new one. That is, ‘Ephemeral Verificatoin’ will be linked to an existing authorization form, But it will be a NEW authorization handler.
• We will allow retrieving the temporary session. So ephemeral participants can verify again and logging with the ephemeral session. So they can see their votes and modify it.
• We want to maintain 2 paths for participation: For already registered participants and for visitors without an account.

I'm going to modify the AC's to clarify all that.

---

For clarification, we will have this 2 main flows:

Flow 1) Unregistered visitant:

1. Click on the restricted action
2. Prompted with verification form
3. I’m succesfully verified
4. A temporary session is open
5. I gain acces to the restricted action

Flow 2) Registered participant with logged-in session:

1. Clicking on the restrticted action
2. I'm prompted with the verification form
3. I'm verified and I can vote
4. Then, the verification is saved in my profile

How would the ephemeral session work?

1. This session will only allow you to make actions in the specific component. If the ephemeral user wants to quit the component, we will close the session.
2. The session will be closed after a time of inactivity.
3. The session can be retrieved

---

In parallel, we will work in some improvements in the Budget component, mainly two issues:

• Enable a focus mode when voting on budgets
• Create a final screen after completing the votes

This will be done by our internal team.

---

I propose to have. a meeting to discuss this. We are avalable tomorrow morning.

[entantoencuanto]

OK, I have availability tomorrow between 10:00 and 13:00 and in the afternoon until approximately 18:30

[julietapasetti]

Hi, the mobile flows are now ok: Mobile

[julietapasetti]

Hi, the mobile and desktop flows are now ok: Prototypes

[entantoencuanto]

I have some questions:

• Is there something already implemented in Decidim regarding the link to download the vote and the link to share it? If not, is there an issue in which they are described?
• If an ephemeral verification is configured at a resource level (to allow voting a single budget, for example), the ephemeral visitant should be allowed to navigate only in the specific resource or in the full component?
• An ephemeral visitant when an ephemeral verification is set to vote should be allowed to perform other actions in the component if there are no configured permissions for them? For example, add comments?

[NilHomedes]

Hi @entantoencuanto

Is there something already implemented in Decidim regarding the link to download the vote and the link to share it? If not, is there an issue in which they are described?

Not yet. But this is something separated from this issue. We will develop this focus mode and final screen for budgets after this issue is completed.

If an ephemeral verification is configured at a resource level (to allow voting a single budget, for example), the ephemeral visitant should be allowed to navigate only in the specific resource or in the full component?

The participant will only be able to navigate in the specific component.

An ephemeral visitant when an ephemeral verification is set to vote should be allowed to perform other actions in the component if there are no configured permissions for them? For example, add comments?

How are you planning to deal with the ephemeral? Will they be users with an anonymous self-generated name?
Would it be too complex to limit the ephemeral to only be able to do the actions with verification?
If this adds too much complexity to the development, we can allow other actions to be done.
In any case, admins can always block comments if they prefer to concentrate the action on voting during that period of time.