invite to see a loan
New here? Learn about Bountify and follow @bountify to get notified of new bounties! x

A.

Given I’m (inviter) on http://www.lendinground.com/notes/new
When I enter in all the loan information and
When I enter in both email addresses and
When I click Checkout with Dwolla
Then an email should be sent to !current_user.email(invitee) with a link to <a href="/signin">Create an account to see the loan</a>

B.

Given Im(invitee) viewing my email
When I click Create an account to see the loan and
When I go through the process of creating an account
Then I should be redirected to notes/:id

Open sourced app:

http://github.com/akshatpradhan/lending-round

I'll be using Mandrill for email, I can give more details on that later.

Feels like déjà-vu... what about adding devise_invitable ?
kc00l over 5 years ago
haha! yeah, let's use devise_invitable
akshatpradhan over 5 years ago
awarded to kc00l

Crowdsource coding tasks.

1 Solution

Winning solution

This is my pull request: https://github.com/akshatpradhan/lending-round/pull/17

Summary of changes

  1. Adding devise and devise_invitable to User model, just using omniauthable for authentication
  2. Cleanup of old session methods
  3. Send the borrower an invitation mail using the note borrower_email field
  4. Borrower accepting the invitation is redirected to dwolla authentication
  5. Show loans the borrower has been invited to sign in his profile page

Discussion

I admit I started from scratch. I wrote some basic specs and managed to make them pass, but I couldn't figure out how to implement the "accept invitation feature" without making things over complicated. Then I thought about your other app Spoutlets and the devise_invitable gem we used there and things got simpler and simpler.

One of the trickiest parts to write specs for was when I had to mock two different dwolla accounts - one for the lender creating the note and sending an invitation and one for the borrower accepting the invitation. I even started feeling desperate when the borrower accepting the invitation was being redirected... to the lender profile... Then I noticed I was using the same uid field for the just created borrower and once I change that all specs passed!

Hints/Changes

Finally I'm not so sure separate borrower/lender models are needed but the application need to be more secure by leveraging on cancan. Notes should only be accessible if the current user either is the creator (the lender) or the user invited to sign (the borrower), for example:

can [:read, :update], Note, user_id: user.id
can [:read, :update], Note, borrower_email: user.email

The second condition is valid if you force a unique email validation check for the User model, though.

Update

I changed the url of the Login button in the _navigation layout partial and also fixed specs to reflect this change.

Hey, I checked out this PR but i'm having problems logging in. I made a video of what I'm seeing. I checked my application.yml and it looks fine: http://www.youtube.com/watch?v=cjwhBlp3-LU&feature=youtube_gdata_player
akshatpradhan over 5 years ago
btw, sorry for not reviewing this PR earlier. I was finishing up my presentation for the security event during the week.
akshatpradhan over 5 years ago
Yeah, I forgot to change the link to sign in. I'll do that in a moment.
kc00l over 5 years ago
@kc00l Thanks! I pushed pr/17 up to production but I haven't configured the Mandrill keys for invitation emails yet. I'll merge this PR after i configure emails. I'm going out for a drive with the g/f today (date weekend), so I'll be back to configure Mandrill tomorrow morning.
akshatpradhan over 5 years ago
@kc00l afterwards, I'm going to start bringing in some nice aesthetics and good copy for the rest of the pages/site. I'll probably use FlatUI again.
akshatpradhan over 5 years ago
Acknowledged, sir!
kc00l over 5 years ago