Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Terms and conditions empty if cache not loaded #856

Open
Eldrile opened this issue Sep 18, 2024 · 7 comments
Open

Terms and conditions empty if cache not loaded #856

Eldrile opened this issue Sep 18, 2024 · 7 comments

Comments

@Eldrile
Copy link

Eldrile commented Sep 18, 2024

Hi,
In order to manage the creation of account for specific users, we encountered a potential problem.

In Keycloak, when creating a user account, we ask the user to reset their password by validating their email, as well as accepting the terms and conditions.

However, when the user receives the email with the link to complete these actions and opens it in a browser that has never accessed our Datalab (and therefore has no cache related to the Datalab), they are redirected to the default Onyxia theme, and the terms and conditions fail to load properly (the page displays a request to accept the conditions, but they are "empty").

To reproduce this issue, we open the email link in a private browsing window.

We therefore suspect there is an issue with the theme loading.
Even though that is an unlikely event, as it concerns the terms and conditions we need to resolve it.

@garronej
Copy link
Contributor

garronej commented Sep 18, 2024

Hello @Eldrile,

Thank you for pointing this out—this is indeed an issue.

The terms are provided at the Onyxia configuration level and passed via a URL parameter to the Keycloak theme. Under normal circumstances, as long as the user navigates at least once from your Onyxia instance to the login page, the terms should appear.

However, I hadn't anticipated this specific case. If the user opens their email on a phone and tries to validate it there, the terms won't be displayed.

I’ll address this and keep you updated once it's resolved. I hope it's not too urgent, as I've paused further development until I finish #827. I need to push that out as soon as possible.

Thanks for your patience.

By the way, which team are you with?

@Eldrile
Copy link
Author

Eldrile commented Sep 19, 2024

Thanks !
It's Chloé from Mercator.
We have modified our process for new members until this is resolved so It will be okay.

@garronej
Copy link
Contributor

garronej commented Sep 19, 2024

Hey @Eldrile,

I looked into the issue, and there’s a pretty straightforward solution:

You can reorder the required actions by moving the "Accept Terms and Conditions" before the "Verify Email" action. You can easily do this by dragging the handle to adjust the order.

This way, after users fill out the form and click "Register," they will need to accept the terms first, then validate their email.

image

This seems like the most practical approach. Any alternative would require configuring the terms on the Keycloak side, which is arguably less convenient since we already need the link to the conditions in the Onyxia instance’s footer:

image

Let me know if you have any thoughts!

@Eldrile
Copy link
Author

Eldrile commented Sep 20, 2024

Hi @garronej ,
I thought we already tried that, but I will check it !
Thanks

@Eldrile
Copy link
Author

Eldrile commented Sep 20, 2024

Hi again,
It doesn't work for us because we are creating ourselves their account. So they potentially never went to the datalab when resetting their password and in this case the terms of conditions are effectively placed before setting the password but without having ever loaded the datalab page, they appear "empty".
We would need to find another way to invite them to the datalab, I will think about it.

@garronej
Copy link
Contributor

garronej commented Sep 20, 2024

@Eldrile,
Ah okay that makes sense.
Well the only solution then will be to make you provide the URL to the TOS in the Keycloak configuration.
Like here:
https://github.com/InseeFrLab/onyxia-ops/blob/45c12d6e7d6256b82c9e77ab27b7a8360ea584d1/apps/keycloak/values.yaml#L57-L58

It would look something like:

apps/keycloak/values.yaml

  extraEnvVars: 
    - name: ONYXIA_RESOURCES_ALLOWED_ORIGINS
      value: "https://your-datalab.fr, http://localhost, http://127.0.0.1"
   - name: ONYXIA_TERMS_OF_SERVICES
     value: "{ en: 'https://your-datalb.fr/custom-resources/tos_en.md', fr: 'https://your-datalb.fr/custom-resources/tos_en.md' }"

I'll let you know when it's implemented.

@Eldrile
Copy link
Author

Eldrile commented Sep 23, 2024

That would be great !
Thanks @garronej, we will do it as soon as it's available.
In the meantime we are only white listing them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants