I have a question in modelling Use Case.
1) If a actor(or user) registers an account in a System and if the System sends Successful Registration Email notification to the actor. Should it be considered as separate use case for email notification or is it part of 'Register Account' Use case?
2) If there is a scenario where user account is terminated by another user who is system administrator. The terminated user needs to be notified that his account is terminated by email. In this case, Should the email notification be a separate use case or an "include" use case with "Terminate Account" use case?
Thanks in Advance.
If your system sends the emails automatically and the user has to do nothing but the main use case, they are not separate use cases. They are merely a reaction of your system to a given use case. It is then a post-condition of said use case that the email has been sent out.
I think email sending is not different use case. But when you are implementing this, you are should seperate responsibility of register account to account class and email sending behaviour should be part of EmailSender classs.
Email notification and register or terminate account are different behavior of system. Every class should have single responsibility and including email sending as part of account class doesn't make any sense.
Related
Is there a already existing solution to auto login customer after they confirm email? couldn't see such feature from admin panel.
By just looking at the code (not testing), it seems that this is already the case.
When user clicks on the confirmation link in the email, it calls \Magento\Customer\Controller\Account\Confirmation::execute
This execute method does $this->session->setCustomerDataAsLoggedIn($customer); which calls \Magento\Customer\Model\Session::setCustomerDataAsLoggedIn
The setCustomerDataAsLoggedIn method is supposed to log the user
Perhaps is there some observer on customer_login and/or customer_data_object_login that short-circuits this business logic.
I have 2 applications on the same Tenant.
I can configure an email template for the "Set Password" workflow on:
an Application Level
the Tenant level
When I register a new user using the UI, as far as I understood it will only be able to send the email configured on the tenant level since it won't know anything about which application the user can see until the next step when I add the registrations.
If I create a user and add registration to it right away (on the same step) then this takes the Template configured on the application level.
My questions are:
Can we do something like this through the UI interface too? My applications have a different user base (some have accounts on both) and it would be nice to be able to send them one email or the other.
Or is this only possible through the API?
If I register a user with both applications (through the API) which email do they get?
Thanks for the help!
Can we do something like this through the UI interface too?
This is not currently possible. Creating the User, and creating a User Registration are two separate steps. As you correctly stated, when creating the user in the UI, there is no context yet for an application. For this reason, the user will receive the template configured at the tenant level.
Or is this only possible through the API?
Correct. You must use the Create "User + Registration" API to do this in one step to use the application template for setup password.
If I register a user with both applications (through the API) which email do they get?
When using the API to Create "User + Registration" you can only register for one application at a time. The email is only sent during the User Create step, so if you register for a second application, the user will already exist and thus will not receive a second email.
In my chat application I want to implement a functionality that whenever a user is already logged in and if he/she wants to login again in some other device using the same username & password, it should revert the user back a message - "You are already logged in somewhere else"
I only know this method to check the logged in status -
connection.isConnected();
But this will not server my purpose.
Alex answer is correct, but let me elaborate it a little bit:
After a successful login your XMPP-IM client will send a presence stanza to the server. The server then replies with the presence stanzas of ever JID in your roster with subscription status 'from' and 'both' (RFC6121 XMPP-IM 4.2.2 and 4.4.2).
Section 4.4.2 also states:
The user's server MUST also send the presence stanza to all of the user's
available resources (including the resource that generated the presence
notification in the first place).
This means that you will get the presence information from every other connected resource of your JID. If you receive here a presence stanza from a different full JID then you used with your current connection you know that a second (or third,...) client is connected with your JID and you display the "You are already logged in somewhere else" message.
Note that this is not really what you want do when using XMPP, as multiple clients simultaneously connected using the same bare JID is a core feature of XMPP-IM.
When using smack, Iterator<Presence> Roster.getPresences(String user) may be used to retrieve the presence information. The call would look something like this getPresences(XMPPConnection.getUser()). (Note that I have not verified if it really works).
after login when you send your initial presence you get the presences of all your other resources (devices). So check all your incoming presences and you will know all your available connections.
I'm wondering what the best behavior is when a user requests a password reset for an email that doesn't exist.
Context: user is not logged in. They just enter an email and hit a reset button.
If I tell the user requesting the reset immediately that the account doesn't exist, that's both a bit of security hole and a privacy issue.
If I do nothing and it's an innocent mistake (they thought they had an account), they'll be wondering what the heck happened. Most mysterious option, least subject to abuse.
I can send an email that says a password reset has been requested but there's no account (and should be ignored blah blah blah). This seems the least noxious but it is a little subject to abuse.
Update: On further consideration, I don't really so how 1 is a big deal since they can get the same information by simply trying to sign up/use the same email ... unless I'm missing something ...
I personally would go this way:
User enters e-mail address.
Screen says "request will be processed, e-mail has been send" or something along those lines.
If there is no account linked with this e-mail address: don't send a mail, but don't tell the guy requesting.
If there is an account linked with this e-mail: send the reset e-mail including the usual "if this wasn't you simply ignore this mail, if you suspect abuse please contact $foobar"-message.
Here is why i would NOT tell anyone whether an account is linked with this e-mail address: Privacy. If you told everyone, everyone could check if $person is using $service.
Figured i would include why i wouldn't send a mail if there was no such user: Why should i? The user will probably either know which email address he used or try several at once (or only wait a short time span). Of course there are cases in which it would be a bit more userfriendly if one would send those mails, but they aren't important enough to negate the abuse potential.
There is not much abuse potential if only one website does that stuff (as long as they wouldn't send multiple mails in a short timespan), but imagine every webservice going this way. You would just have to collect a few of those services and then emailbomb someone 'you' dislike, without hitting any spamfilter!
Personally, i'm a fan of:
The user enters an email.
Whether or not the email exists, say that it has been requested, and if you do not receive an email shortly, try again or contact us.
In the email, state a password request was submitted, and if it wasn't the user, then to ignore the email.
Also,
If you're worried about bots scraping your site for emails, add a Captcha.
If you're worried about people hacking accounts, add a second layer that prompts for a secret question answer.
In my opinion the third option is the best compromise between user-friendlyness and security. Option 1 seems to be to big of a privacy issue. Using option 2 the user can not know if he has an account, but registered with another email address or if the reset system doesn't work.
I would do something like this
Ask for the username or email
If that email or username is present, send all the email to the person, with the reset password.
Finished :)
I'm using ActiveRecord to maintain information about users. The User class has the expected load(), insert(), update(), and delete() methods, setters, getters, and a few others. But I am having trouble deciding whether or not certain other methods should be included in the User class, or handled by collaborators.
Here's an example:
There are several transactions that a user might request that require confirmation. This is handled in a conventional way -- sending an email to the user with a link; clicking the link confirms that the user does indeed want the transaction to proceed. A hash of the verification key and it's expiration date/time persist as part of the user record.
Where should I draw the line in this process? Should there be a collaborator that handles verification (for example by taking the plain-text verification key from the query string and accepting a User object as a param)? Or should this be handled internally by the User class (passing the plain-text verification key in a method call)?
The very next thing that would happen upon verification, of course, is that the transaction would proceed requiring an update to the active record -- and there, it seems to me, the User class must have responsibility.
Any suggestions?
You should delegate this task to a collaborator, which manages a confirmations table.
You would use the Confirmation model to track all confirmation requirements. The model will belong to User, as well as manage the confirmation hash and the action-to-be-confirmed (e.g. activate_account, change_password or change_email etc.).
The Confirmation controller would be responsible for validating the confirmation hash and chaining the appropriate action on the appropriate model (e.g. activate_account -> user.activate(), change_password -> user.setPassword() etc.) and remove the Confirmation from the confirmations table upon successful completion.
This will allow for better separation of logic, as well as allow you to scale better, e.g. to entertain more than one pending confirmation for a given user (say confirmation to change password and confirmation to change something else.)