Standardize direct verification for one-time participation

[entantoencuanto]

🎩 What? Why?

This PR allows the creation of ephemeral users which can start a session and verify to be allowed to perform an action.

The PR uses the onboarding feature and defines a new type of ephemeral users which are only allowed to verify and once verified navigate to perform the action associated to the onboarding data.

WIP

📌 Related Issues

Link your PR to an issue

• Fixes Standardize direct verification for one-time participation #13533

Testing

We have configured this component https://decidim-lot2.populate.tools/processes/branch-highway/f/6/budgets/1/projects with the Ephemeral Verification. You can verify yourself:

• DNI: anything that finishes with X
• Postal code: 05400
• Scope: General scope

With this you will start the ephemeral session and can try almost everything.

📷 Screenshots

Please add screenshots of the changes you are proposing

♥️ Thank you!

[furilo]

@decidim/product @NilHomedes as we've talked this morning @entantoencuanto is finishing some details but the main things can be tested. Instructions:

We have configured this component https://decidim-lot2.populate.tools/processes/branch-highway/f/6/budgets/1/projects with the Ephemeral Verification. You can verify yourself:

• DNI: anything that finishes with X
• Postal code: 05400
• Scope: General scope

With this you will start the ephemeral session and can try almost everything.

[NilHomedes]

Hey @entantoencuanto, thanks for the work done 💯
Here is a first review:

Fixes for Participatory Budget component

• On mobile, the “Vote budget” CTA should be sticky

• Progress bar not working. As a participant, when I add a new project to the budget I expect to see the bar filled according to the amount of money.
• On the budget cart: Add icon to "More information about the budget" or make it look like a clickable link.

Verification form

• Modify the text for 'Please verify your identity to proceed.” Instead of “We need to verify your identity…”.

Reference:

• Unify the double notification.

reference:

Successful final screen

• Fix “Succesfull screen” design. Implement the Figma design.
  Reference:
  

• Add the animation to the green check icon.

• “Download your vote” and “Share your vote” CTA are not working

Budgets landing page

• Cards design: The CTA should be in the same line of the budget amount.

How it is:

Reference:

• The “Delete your vote” should be in blue, not in red. Also the icon.

Focus mode layout

• When I click on the main icon in the header, I should be redirected to the component landing page. (https://decidim-lot2.populate.tools/processes/branch-highway/f/6/budgets)
• Remove the footer. In focus mode we are getting rid of the footer.
• Fix Header design ‘Close’ icon
  

Reference:

Admin

• When I enable permissions using ephemeral verification in a new component, the permissions are not being revoked. I can proceed without revoking them.

• Bug: When I enable the Ephemeral authorization in Proposals component, then I get an error when accessing to a proposal.

  

[entantoencuanto]

Admin

* [ ]   When I enable permissions using ephemeral verification in a new component, the permissions are not being revoked. I can proceed without revoking them.

I think I misunderstood that part about admin. I thought it was enough to put a link to delete the authorizations. So if an ephemeral permission is enabled, all the pre-existing authorizations of the handler have to be automatically revoked?

* [ ]   Bug: When I enable the Ephemeral authorization in Proposals component, then I get an error when accessing to a proposal.

This is a previous bug of the dummy authorization handler (and the ephemeral dummy authorization handler inherits from it). If no scope is selected there are some exceptions in front. I've added a fix

[NilHomedes]

I think I misunderstood that part about admin. I thought it was enough to put a link to delete the authorizations. So if an ephemeral permission is enabled, all the pre-existing authorizations of the handler have to be automatically revoked?

Yes, that's it. We want to force the revocation of the authorizations, to prevent verification conflicts. But we must notify the admin.

This is a previous bug of the dummy authorization handler (and the ephemeral dummy authorization handler inherits from it). If no scope is selected there are some exceptions in front. I've added a fix

Oh yes, you're right. I always forgot that :/

@ent I will wait to review this again until the PR is ready. Ping me again when you want me to do that

[entantoencuanto]

I have a question about the behavior when ephemeral users recover the session in an edge case, @NilHomedes.

Currently if an ephemeral user is created with a verification, its session can be recovered accessing with a verification with the same unique_id. But the verification is not updated and the original metadata remains, that is, if it was not previously authorized, it will continue to not be. Is it correct or the metadata should be updated with the new values provided by the verification flow?

[NilHomedes]

But the verification is not updated and the original metadata remains, that is, if it was not previously authorized, it will continue to not be.

I'm not understanding how it can be possible that an ephemeral user was not verified? As far as I understand, to create an ephemeral user it will be necessary to be verified. So this problem can not exist.

Is it correct or the metadata should be updated with the new values provided by the verification flow?

The metadata that are you referring to, what is exactly?

[entantoencuanto]

The authorization may have criteria to allow users perform the action.

In this case when a user verifies its metadata is the postal code and the scope. If this metadata does not meet the authorization criteria, the user will not be allowed to perform the action. I imagine a situation where the user changes district and the census service updates that information.

[NilHomedes]

In this case when a user verifies its metadata is the postal code and the scope. If this metadata does not meet the authorization criteria, the user will not be allowed to perform the action. I imagine a situation where the user changes district and the census service updates that information.

I see, well in that case I would update the metadata. So, at the end, the participant maintains their verification and can participate.

We are thinking this feature to be implemented in short periods of time during a specific participatory process. Let's say during the two weeks of the voting phase. So, this district changes that you were mentioning, might not happen in a such a short period of time.

[furilo]

@NilHomedes

Add the animation to the green check icon.

How do you want this to be implemented? It's a little bit tricky (or I need ideas! :)

• A GIF will produce a bad quality probably
• For doing it with SVG, we'd need to first show one, then with CSS switch to another one. Maybe a little bit complex for the task.

[entantoencuanto]

* [ ]   Progress bar not working. As a participant, when I add a new project to the budget I expect to see the bar filled according to the amount of money.

About this point the color of the bar depends on a custom organization color which has been removed here. I'm going to use the default success color

[furilo]

@NilHomedes some of the review regarding design are preexisting things. For these kind of things, especially in a PR so big, it would be better to create new issues so the PR don't get delayed... We'll try to tackle them, but to have in mind for future times.

[entantoencuanto]

On mobile, the “Vote budget” CTA should be sticky

I have been doing some research about this and from what I see this was implemented in this PR but the sticky behavior was reverted in other PR and currently is not available in develop. There is a reason for that change, so changing it again in this is PR I think will make it harder to track the potential conflict.

There is a comment about this specific change: #13127 (comment)

[NilHomedes]

Hi @furilo and @entantoencuanto, answering your questions as follows:

How do you want this to be implemented? It's a little bit tricky (or I need ideas! :)
A GIF will produce a bad quality probably
For doing it with SVG, we'd need to first show one, then with CSS switch to another one. Maybe a little bit complex for the > task.

To be honest, I don't know. This is not my field of expertise. I'm open to proposals here ;)

@NilHomedes some of the review regarding design are preexisting things. For these kind of things, especially in a PR so big, it would be better to create new issues so the PR don't get delayed... We'll try to tackle them, but to have in mind for future times.

Which ones exactly? We can open specific PRs for those you think it might be better to treat it in another PR.

I have been doing some research about this and from what I see this was implemented in this #12891 but the sticky behavior was reverted in other #13127 and currently is not available in develop. There is a reason for that change, so changing it again in this is PR I think will make it harder to track the potential conflict.
There is a comment about this specific change: #13127 (comment)

You are right. We have spoken about it in the Product meeting. This issue is already reported, and will be tackle by mantainers: #13488

[furilo]

@NilHomedes regarding this:

How do you want this to be implemented? It's a little bit tricky (or I need ideas! :) A GIF will produce a bad quality probably. For doing it with SVG, we'd need to first show one, then with CSS switch to another one. Maybe a little bit complex for the task.

To be honest, I don't know. This is not my field of expertise. I'm open to proposals here ;)

We have been trying for an hour to do a pure CSS-SVG to do the animation. Making the exact thing on the Figma is really tricky. We propose a simpler alternative:

https://play.tailwindcss.com/QFzx7r0WEC?size=540x720

[NilHomedes]

@furilo I don't like the fading. Maybe we would prefer something like this: https://codepen.io/kuvinod5/pen/WNvzazr

[entantoencuanto]

@entantoencuanto could you sync with the latest develop branch ? You are 31 commits behind current develop, and i would like to make sure we do not break it upon merging.

37 / 56

Done, rebased onto develop

[alecslupu]

I have tried on local to configure a new ephemeral authorization, and i got an error when data is being submitted.

The below diff seems to fix the error.

diff --git a/decidim-admin/app/controllers/decidim/admin/component_permissions_controller.rb b/decidim-admin/app/controllers/decidim/admin/component_permissions_controller.rb
index 5f19729c40..2554f985bd 100644
--- a/decidim-admin/app/controllers/decidim/admin/component_permissions_controller.rb
+++ b/decidim-admin/app/controllers/decidim/admin/component_permissions_controller.rb
@@ -9,16 +9,14 @@ module Decidim
 
       def edit
         enforce_permission_to(:update, :component, component:)
-        @permissions_form = PermissionsForm.new(
-          permissions: permission_forms
-        )
+        @permissions_form = form(PermissionsForm).from_params(permissions: permission_forms)
 
         render template: "decidim/admin/resource_permissions/edit"
       end
 
       def update
         enforce_permission_to(:update, :component, component:)
-        @permissions_form = PermissionsForm.from_params(params)
+        @permissions_form = form(PermissionsForm).from_params(params)
 
         UpdateComponentPermissions.call(@permissions_form, component, resource) do
           on(:ok) do

50 / 56

[alecslupu]

@entantoencuanto have you seen my comment ?

cc @furilo , @ferblape , @andreslucena

[entantoencuanto]

Change added, @alecslupu, you are right, the form helper method provides the extra context necessary to obtain the current user

[alecslupu]

👍