From 8a68ac0d5b85f896dd59042c207bc63c3d026f7d Mon Sep 17 00:00:00 2001
From: 0livd <github@destras.fr>
Date: Fri, 15 Dec 2017 17:10:28 +0100
Subject: Use token based auth in invitation e-mails (#280)

* Use token based auth in invitation e-mails

Invitation e-mails no longer contain the clear
text project password

* Skip invite page after project creation

- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
---
 ihatemoney/templates/authenticate.html  |  5 +++--
 ihatemoney/templates/invitation_mail.en |  4 +++-
 ihatemoney/templates/invitation_mail.fr |  4 +++-
 ihatemoney/templates/list_bills.html    |  2 +-
 ihatemoney/templates/reminder_mail.en   |  4 +++-
 ihatemoney/templates/reminder_mail.fr   |  2 ++
 ihatemoney/templates/send_invites.html  | 14 ++++++--------
 7 files changed, 21 insertions(+), 14 deletions(-)

(limited to 'ihatemoney/templates')

diff --git a/ihatemoney/templates/authenticate.html b/ihatemoney/templates/authenticate.html
index 98914d0..4e8eb77 100644
--- a/ihatemoney/templates/authenticate.html
+++ b/ihatemoney/templates/authenticate.html
@@ -3,8 +3,9 @@
 <h2>Authentication</h2>
 
 {% if create_project %}
-<p class="info">{{ _("The project you are trying to access do not exist, do you want
-to") }} <a href="{{ url_for(".create_project", project_id=create_project) }}">{{ _("create it") }}</a>{{ _("?") }}
+<p class="info">{{ _("The project you are trying to access do not exist, do you want to") }}
+<a href="{{ url_for(".create_project", project_id=create_project) }}">
+    {{ _("create it") }}</a>{{ _("?") }}
 </p>
 {% endif %}
 <form class="form-horizontal" method="POST" accept-charset="utf-8">
diff --git a/ihatemoney/templates/invitation_mail.en b/ihatemoney/templates/invitation_mail.en
index 03f5141..eeaafdb 100644
--- a/ihatemoney/templates/invitation_mail.en
+++ b/ihatemoney/templates/invitation_mail.en
@@ -4,7 +4,9 @@ Someone using the email address {{ g.project.contact_email }} invited you to sha
 
 It's as simple as saying what did you paid for, for who, and how much did it cost you, we are caring about the rest.
 
-You can access it here: {{ config['SITE_URL'] }}{{ url_for(".list_bills") }} and the private code is "{{ g.project.password }}".
+You can log in using this link: {{ url_for(".authenticate", _external=True, token=g.project.generate_token()) }}.
+Once logged in you can use the following link which is easier to remember: {{ url_for(".list_bills", _external=True) }}
+If your cookie gets deleted or if you log out, you will need to log back in using the first link.
 
 Enjoy,
 Some weird guys (with beards)
diff --git a/ihatemoney/templates/invitation_mail.fr b/ihatemoney/templates/invitation_mail.fr
index 53698dd..a95f9e9 100644
--- a/ihatemoney/templates/invitation_mail.fr
+++ b/ihatemoney/templates/invitation_mail.fr
@@ -4,6 +4,8 @@ Quelqu'un avec l'addresse email "{{ g.project.contact_email }}" vous à invité
 
 C'est aussi simple que de dire qui à payé pour quoi, pour qui, et combien celà à coûté, on s'occuppe du reste.
 
-Vous pouvez accéder à la page ici: {{ config['SITE_URL'] }}{{ url_for(".list_bills") }} et le code est "{{ g.project.password }}".
+Vous pouvez vous authentifier avec le lien suivant: {{ url_for(".authenticate", _external=True, token=g.project.generate_token()) }}.
+Une fois authentifié, vous pouvez utiliser le lien suivant qui est plus facile à mémoriser: {{ url_for(".list_bills", _external=True) }}
+Si votre cookie est supprimé ou si vous vous déconnectez, voous devrez vous réauthentifier en utilisant le premier lien.
 
 Have fun,
diff --git a/ihatemoney/templates/list_bills.html b/ihatemoney/templates/list_bills.html
index 1386636..e4034d4 100644
--- a/ihatemoney/templates/list_bills.html
+++ b/ihatemoney/templates/list_bills.html
@@ -92,7 +92,7 @@
 {% endblock %}
 
 {% block content %}
-<div class="identifier">{{ _("The project identifier is") }} <a href="{{ url_for(".list_bills") }}">{{ g.project.id }}</a>, {{ _("remember it!") }}</div>
+<div class="identifier"><a href="{{ url_for(".invite") }}">{{ _("Invite people to join this project!") }}</a></div>
 <a id="new-bill" href="{{ url_for(".add_bill") }}" class="btn btn-primary" data-toggle="modal" data-target="#bill-form">{{ _("Add a new bill") }}</a>
 
     <div id="bill-form" class="modal fade show" role="dialog">
diff --git a/ihatemoney/templates/reminder_mail.en b/ihatemoney/templates/reminder_mail.en
index f13da5d..5f9b7d8 100644
--- a/ihatemoney/templates/reminder_mail.en
+++ b/ihatemoney/templates/reminder_mail.en
@@ -3,7 +3,9 @@ Hi,
 You have just (or someone else using your email address) created the project "{{ g.project.name }}" to share your expenses.
 
 You can access it here: {{ url_for(".list_bills", _external=True) }} (the identifier is {{ g.project.id }}),
-and the private code is "{{ g.project.password }}".
+and the shared password is "{{ g.project.password }}".
+If you want to share this project with your friends, you can share the identifier and the shared password with them or send them invitations with the following link:
+{{ url_for(".invite", _external=True) }}
 
 Enjoy,
 Some weird guys (with beards)
diff --git a/ihatemoney/templates/reminder_mail.fr b/ihatemoney/templates/reminder_mail.fr
index 86c00ff..fbe299a 100644
--- a/ihatemoney/templates/reminder_mail.fr
+++ b/ihatemoney/templates/reminder_mail.fr
@@ -4,5 +4,7 @@ Vous venez de créer le projet "{{ g.project.name }}" pour partager vos dépense
 
 Vous pouvez y accéder ici: {{ url_for(".list_bills", _external=True) }} (l'identifieur est {{ g.project.id }}),
 et le code d'accès "{{ g.project.password }}".
+Si vous voulez partager ce projet avec vos amis, vous pouvez partager son identifiant et son code d'accès avec eux ou leur envoyer une invitation avec le lien suivant :
+{{ url_for(".invite", _external=True) }}
 
 Faites en bon usage !
diff --git a/ihatemoney/templates/send_invites.html b/ihatemoney/templates/send_invites.html
index 7b3bdc5..cd96380 100644
--- a/ihatemoney/templates/send_invites.html
+++ b/ihatemoney/templates/send_invites.html
@@ -1,17 +1,15 @@
 {% extends "layout.html" %}
 
-{% block sidebar %}
-<ol>
-    <li>{{ _("Create the project") }}</li>
-    <li><strong>{{ _("Invite people") }}</strong></li>
-    <li><a href="{{ url_for(".list_bills") }}">{{ _("Use it!") }}</a></li>
-</ol>
-{% endblock %}
 {% block content %}
 <h2>{{ _("Invite people to join this project") }}</h2>
 <p>{{ _("Specify a (comma separated) list of email adresses you want to notify about the
 creation of this budget management project and we will send them an email for you.") }}</p>
-<p>{{ _("If you prefer, you can") }} <a href="{{ url_for(".list_bills") }}">{{ _("skip this step") }}</a> {{ _("and notify them yourself") }}</p>
+<p>{{ _("If you prefer, you can share the project identifier and the shared
+password by other communication means. Or even directly share the following link:") }}</br>
+<a href="{{ url_for(".authenticate", _external=True, token=g.project.generate_token()) }}">
+    {{ url_for(".authenticate", _external=True, token=g.project.generate_token()) }}
+</a>
+</p>
 
 {% include "display_errors.html" %}
 <form class="invites form-horizontal" method="post" accept-charset="utf-8">
-- 
cgit v1.1