Project

General

Profile

Feature #446

Create better account activation error messages

Added by Matt Gold over 8 years ago. Updated over 4 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
WordPress (misc)
Target version:
Start date:
2010-12-07
Due date:
% Done:

0%

Estimated time:

Description

I'd love to see us work a bit to provide more information to prospective members when they run into errors during the sign-up process. Here is a sample email from such a person:

"Although I successfully opened an account, those members that i have invited are having problem signing-up. Here is the problem that we are facing. When they get the "activation" email that I pasted below, I clicked on the first link and do not see an activation number to put in the activate field. I tried pasting in the key number [xxxxxxxxxx] that is listed in the address behind key= . This key only get a "error activating your account" message. please advise..."

It would be so much more helpful if that error message was more precise. Was the account already activated/created? Did the time window on the activation key run out? Was an incorrect activation key entered? Any of these would provide some clarity both to members and to us.

Screen_shot_2010-12-08_at_10.34.40_AM.png (59.2 KB) Screen_shot_2010-12-08_at_10.34.40_AM.png Matt Gold, 2010-12-08 10:37 AM
Error Message w New Link.png (39.2 KB) Error Message w New Link.png Samantha Raddatz, 2015-01-09 10:04 AM

History

#1 Updated by Ron Rennick over 8 years ago

Has someone provided you with an email that didn't contain the activation key (or an invalid key)?

I haven't looked through the BP code, but the WP activation only gives that message when the key is not a valid key (ie. does not match any of the activation keys stored in the wp_signup table).

#2 Updated by Matt Gold over 8 years ago

In this particular case, clicking on the activation link ( http://commons.gc.cuny.edu/activate?key=968125d9554dbe6a ), which was provided in the activation message, produces the result shown in the attached screenshot.

If you'd like, I can forward the email message itself to you . . . .

#3 Updated by Ron Rennick over 8 years ago

"If you'd like, I can forward the email message itself to you . . . ."

Please do :)

#4 Updated by Matt Gold over 8 years ago

Sent! I guess we're now tackling two issues in this ticket -- the specific error that this prospective member encountered, and the more general issue of providing more descriptive error messages. Perhaps we should separate them, but in the near-term, I'd like to find a solution for this member.

My guess: the account was already activated, so the member just needs to login and/or request a new password.

#5 Updated by Boone Gorges over 8 years ago

Matt's right that the account was already activated. This looks like a shortcoming in BP and should be addressed there: http://trac.buddypress.org/ticket/2784

#6 Updated by Boone Gorges over 8 years ago

  • Status changed from Assigned to Resolved

This should have been fixed in BP/WP: http://trac.buddypress.org/changeset/3622

#7 Updated by Boone Gorges almost 5 years ago

  • Status changed from Resolved to Assigned
  • Assignee changed from Boone Gorges to Daniel Jones
  • Target version changed from 1.2 to 1.8

We've had a few reports in the last few months of users getting confused because they tried to reactivate already-activated accounts, and were given ambiguous error messages. Dan, would you mind trying to reproduce this on your local installation? If you're successful, could you please look into why the changes discussed above are not helping, and try to implement a better solution?

#8 Updated by Daniel Jones almost 5 years ago

Sure thing! I'll start working on it now. Is the way to try and produce it to create an account, get the activation message and click on it, then click on it again?

#9 Updated by Daniel Jones almost 5 years ago

When I try to click the activation link for an already active user from an email generated by the "Add User" page for admins, I get this error - "The user is already active." So things seem okay there, but it might be nice to add more info - like the username that was created (if that isn't poor security practice) and/or a link to the forgot password page.

However, when I try to register myself with a non-CUNY email address and a manually created activation code, I get the email but when I click the activation link I get an ambiguous "Could not create user" message, and the user doesn't show up in the "Users" page in the dashboard. Still need to investigate what the error is though.

#10 Updated by Matt Gold almost 5 years ago

Daniel Jones wrote:

Sure thing! I'll start working on it now. Is the way to try and produce it to create an account, get the activation message and click on it, then click on it again?

I think that there are lots of possibilities. Here are a few I can think of:

  • activation link is out of date
  • user cuts and pastes incorrectly (or email program adds extraneous code to the link), so that the wrong activation code is entered
  • user has already activated the account

#11 Updated by Daniel Jones almost 5 years ago

So this is weird - I've run into an issue with signing up a non-CUNY email address using a code from the Non-CUNY Activation Code plugin: the line in the cac_check_signup_validation_code function that unsets the non-CUNY email error just doesn't unset the variable. I do a var_dump of it before and after the call to unset and it returns the same thing both times. In Wordpress 4.1 they're adding a remove() method to the WP_Error class that'll make it easier to do this kind of thing, but for now I'm not 100% sure what to do. Do you think this is popping up on the live Commons as well or just a weird quirk of my local setup? I guess I could continue to test this through manually adding users in the dashboard for now.

#12 Updated by Boone Gorges almost 5 years ago

Yargh, this is a frustrating issue that I ran into somewhere else too. Try this: https://github.com/cuny-academic-commons/cac/commit/c22c2d

#13 Updated by Daniel Jones almost 5 years ago

Thanks Boone that worked. Excited for 4.1 to come out so we can just switch to the remove() method.

Now I've found a separate issue here - do we want people to be able to register 2 accounts with the same email? When I use a non-CUNY activation code and register with an email address that already has account, it activates the account just fine, as long as I use a different user name. Is that intentional?

#14 Updated by Daniel Jones almost 5 years ago

After playing around with this some more, I can't reproduce the ambiguous error above. Actually, when I grep for it it only shows up in a translation file, and nowhere in the actual code.

I do think that it could be confusing for people to get the strange "Activate your Account, Please provide a valid activation key." form below the errors that do come up. I don't think we can count on people thinking of the alpha-numeric string in the link in the email as a "key" so I don't know how useful that form is. Also right now it doesn't look like there's a particular error for keys expiring - is that because they just become invalid after a while, and so get caught by the "Invalid activation key" error?

We could change the activate.php file in the bp-nelo theme to provide more useful information for users about what next steps they can take given the error that they're getting, and some more explanation about what the problem might be. Would that be a good direction to go in? I did a proof-of-concept for that by stealing some code from the function that generates the error messages.

Let me know what you think.

#15 Updated by Boone Gorges almost 5 years ago

We could change the activate.php file in the bp-nelo theme to provide more useful information for users about what next steps they can take given the error that they're getting, and some more explanation about what the problem might be. Would that be a good direction to go in? I did a proof-of-concept for that by stealing some code from the function that generates the error messages.

A huge +1 to this. I encourage you to dig into the various ways that this could fail, and to try to come up with some text for the activation page that would actually be helpful. If it's decent (which is not a tall order, given the current state of things), we can put it into BuddyPress, and maybe WordPress.

#16 Updated by Matt Gold almost 5 years ago

Awesome.

#17 Updated by Daniel Jones over 4 years ago

Okay sorry for the delay - here's the changeset: https://github.com/cuny-academic-commons/cac/commit/eb0a2595be99aa033b70c92a668ec197d6bc87e8

I did my best on the copy for the error messages - it'd be good for someone more familiar with the site to review for accuracy and clarity though, and to make sure that it's based on what the actual use cases are. I also left in the changes to the non-CUNY sign-up plugin that worked around the trouble with unset(). Let me know if I should change that back. And with the next Wordpress release we can change it to a new method they're adding to the WP_Error class.

#18 Updated by Boone Gorges over 4 years ago

Thanks, Dan - this is a good start.

My initial thought is that the first case ("user is already active") is missing what I think is the most important suggestion: try logging in. In fact, I think that the very first thing a user sees if he tries to reuse an activation code is a message that says "It looks like your registration is already active. Try logging in with the username and password you created when registering." plus the login form itself. The other possibilities - that someone has sent you an incorrect code, etc - seem secondary. What do others think?

Dan - it may be worth putting the login form on the activation page even on successful activation. Logging in is, of course, the first thing an activated user will want to do.

Can you have a look into putting the form into the workflow?

#19 Updated by Matt Gold over 4 years ago

What do others think?

As long as the login form has a "forgot password" link, that sounds good to me. We may want to amend the message to direct people to the "forgot password" link if they can't remember their password. We may also want to share the email address so that people can write to it with any problems

#20 Updated by Daniel Jones over 4 years ago

Great ideas! Here's the changeset - https://github.com/cuny-academic-commons/cac/commit/6efd54345fc8eaa9a7a54237beac643c948500f6

Doesn't include one small typo fix on one of the calls to wp_login_form. I set the forms to redirect to my-commons - is that right? Also right now I'm including both the link to contact form and the email, do we want to keep both or do y'all prefer one over the other?

Let me know what you think!

#21 Updated by Boone Gorges over 4 years ago

Thanks, Dan! This is looking like it'll be a pretty big improvement.

I read over your messages in some detail, and looked back through the code to match up your messages with the actual failure points in the activation process. I think your wording is strictly correct, but it puts a bit too much focus on error conditions that are very edge-case, or are nearly impossible to debug without reinitiating the registration process. So I streamlined the language a bit in https://github.com/cuny-academic-commons/cac/commit/a10f507a1ccde4d613cf7ab9f536ff4ea49e2f7d.

I think that this is getting close, but I'd like to ask you to do some styling work before we get UX feedback. In particular, the login form looks a bit sketchy. It would ideally be styled like the login form on wp-login.php. I tried wp_enqueue_style( 'login' ), but this caused lots of other styles on the page to be messed up, so I rolled it back. Can you apply a little elbow grease to see if we can get the page looking a bit nicer - at a minimum, good spacing and alignment for the input fields? Thanks!

#22 Updated by Boone Gorges over 4 years ago

One more thing - we should probably remove the email references and replace them with contact form stuff when #3660 is resolved.

#23 Updated by Daniel Jones over 4 years ago

I think this could be ready for UX feedback - https://github.com/cuny-academic-commons/cac/commit/c4f21d71fd908d0dd0efd85640df418530833b78

The forms aren't exactly like the are on wp-login.php but they're pretty close. Thanks and let me know what y'all think!

#24 Updated by Boone Gorges over 4 years ago

  • Status changed from Assigned to Testing Required
  • Assignee changed from Daniel Jones to Samantha Raddatz

Dan, this looks great. Turning it over to Samantha for review.

Samantha, here are the two failure cases:

1. Invalid activation key: http://cdev.gc.cuny.edu/activate?key=123abc
2. Already-activated key: http://cdev.gc.cuny.edu/activate?key=963fc99669d915a5

Let us know what you think of the new flow, and if you have any suggestions about the wording.

#25 Updated by Matt Gold over 4 years ago

I agree that this looks great. On the invalid key, I think we should aim for a bit more brevity here:

"This error message could also mean that your activation link is malformed. If you got here by clicking a link that wasn't from a CUNY Academic Commons 'Activate Your Account' email message, you can try asking whoever sent you the link to make sure they sent you the correct one."

Samantha, can you please propose a rewrite of that text?

#26 Updated by Samantha Raddatz over 4 years ago

These are great! Very excited to see more specific error messages here.

In both cases, is it possible to include all of the added text in the red box or to copy that styling for the error text we've added? I worry that users may read the text in the red box but fail to read the rest because it isn't clearly linked to the error.

1. Invalid activation key
Proposed text:

If you registered more than two days ago, your registration has probably expired. Please register again.
If you accessed this page through a link from an individual, rather than an auto-generated 'Activate Your Account' email, please ask them to ensure they sent you the correct link.

2. Already activated key
A 'Forgot Password?' link would be helpful on this page to help anyone that doesn't recall the username and password they created when they originally registered.

#27 Updated by Boone Gorges over 4 years ago

  • Status changed from Testing Required to Assigned
  • Assignee changed from Samantha Raddatz to Daniel Jones

Thanks, Samantha! Feedback sounds good to me.

I'm sorta concerned that putting too much text into the red box will make it difficult to read, but we should be able to judge this pretty easily if we can actually see it in action. Dan, would you mind making the changes suggested by Samantha? Please feel free to do it directly on the 1.8.x branch, as I've merged the changes there.

#28 Updated by Daniel Jones over 4 years ago

I like the changes to the text, too.

I don't think it'll actually be too easy to put all the text in the error box, since it's generated by bp_core_render_message, and I think it'd be best to leave that alone. Would it be okay to just remove the red error box altogether and just have the whole error message in the main content section of the page? Or I could take out the error box that's on the page right now, and put in a new one that looks the same but doesn't use the bp_core_render_message function, just the same styling. Let me know what y'all think is best!

#29 Updated by Samantha Raddatz over 4 years ago

Or I could take out the error box that's on the page right now, and put in a new one that looks the same but doesn't use the bp_core_render_message function, just the same styling.

I think this is the better option of the two. We may need to change the styling to make it more readable, as Boone suggested, but let's start with this and see how it looks. Thanks!

#30 Updated by Daniel Jones over 4 years ago

Okay I made the changes to the text and moved it up into the red error message box - http://commons.gc.cuny.edu/activate/?key=d5e4b060ff5ea9c2

I got rid of the background color gradient in the error box because it looked pretty rough with the bigger box, and made the red just a little less bright. I think it looks okay - the main issue I see is that the link color is now pretty jarring and hard to read against the red.

Also - on the "The user is already active" message, do we want to take out the first line since it's information that's repeated in the next sentence? We might also want to modify some of the text for the "Invalid activation key." error now too. Let me know what y'all think!

#31 Updated by Matt Gold over 4 years ago

Hi All --

Re the Invalid Activation Key message, I have two questions:

1.

If you registered more than two days ago, your registration has probably expired. Please register again.

Is that really true? Ie., if someone went through registration and never confirmed, their email address, userid, etc is completely wiped from the user table and they can just register again with the same email address and id? Does the Unconfirmed plugin, which we have activated on the site, interfere with that in any way?

2.

This error message could also mean that your activation link is malformed. If you got here by clicking a link that wasn't from a CUNY Academic Commons 'Activate Your Account' email message, you can try asking whoever sent you the link to make sure they sent you the correct one.

Is this the most likely scenario, that someone clicked on a link that someone else sent to them? Having monitored the Commons support email address for a long time, I'd say that a far more likely and frequent scenario is that people click on a link from inside a proprietary email system that adds some junk to the URL when clicked and that causes the failure. In such cases, we usually ask people to cut and paste the link from the email directly into the browser. I think we should guide people towards that problem/solution here.

Re the already active registration key:

This looks good to me generally. But the text at the bottom reads:

If you can't log in and continue to have problems activating your account, please contact us at

A minor point is that if the user tries to log in from this page and that login fails, the user is taken to a failed login screen that doesn't include the above line, and it's really at that point that the user needs to see that line to know whom to contact. So perhaps we should consider adding that line to our template for a failed login, as well (though that should be on a separate ticket)

#32 Updated by Boone Gorges over 4 years ago

Is that really true? Ie., if someone went through registration and never confirmed, their email address, userid, etc is completely wiped from the user table and they can just register again with the same email address and id?

No, it's not deleted automatically. But after two days, the user_login is no longer reserved. So if someone attempts to sign up with the same user name, yours will be deleted. https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/ms-functions.php#L514

In such cases, we usually ask people to cut and paste the link from the email directly into the browser. I think we should guide people towards that problem/solution here.

Agreed. I'd kinda forgotten that this happened. Dan, could you make the corresponding change in the language here?

So perhaps we should consider adding that line to our template for a failed login, as well (though that should be on a separate ticket)

Yes, and yes.

#33 Updated by Matt Gold over 4 years ago

Boone Gorges wrote:

No, it's not deleted automatically. But after two days, the user_login is no longer reserved. So if someone attempts to sign up with the same user name, yours will be deleted. https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/ms-functions.php#L514

Thanks, Boone. New ticket created. As far as the above goes, does the system care whether someone tries to sign up with an email address used for an unconfirmed account after two days have passed?

#34 Updated by Boone Gorges over 4 years ago

does the system care whether someone tries to sign up with an email address used for an unconfirmed account after two days have passed?

It does the same check for email address. That is, an unactivated signup will be deleted if you register more than two days later with the same email address.

#35 Updated by Matt Gold over 4 years ago

Great - thanks for confirming.

#36 Updated by Daniel Jones over 4 years ago

Great I've updated the language to:
"If you accessed this page by clicking on a link in an auto-generated 'Activate Your Account' email, try copying and pasting the link directly from the email into your browser. Sometimes email clients add extra characters to links, which could be causing this error."

Here's the changeset: https://github.com/cuny-academic-commons/cac/commit/1b0b5351172c15c0be141422db363f1ad9fb316d

The second sentence might be TMI so I can take that out if y'all think it's best. I also removed the other error (with the wrong link being sent to the user) completely, because I think that's what you were suggesting, Matt. Let me know if I should put it back in. I'll get the contact line onto the failed log-in page today or tomorrow.

#37 Updated by Matt Gold over 4 years ago

Thanks, Daniel -- that revised message sounds perfect to me. Appreciate your work on this.

#38 Updated by Samantha Raddatz over 4 years ago

Hey Daniel,

The changes you've made sound great, but I don't seem to be able to view the most recent changes (old cdev links still show the old look, github link leads to a dead end for me).
Could you post idiot-proof links for me to take a look at when you have a chance? Thanks!

#39 Updated by Raymond Hoh over 4 years ago

Hi Samantha,

I've just updated cdev so Daniel's latest code should be up and running.

#40 Updated by Daniel Jones over 4 years ago

Sorry to be late here - thanks for updating the code, Ray! Samantha - just a heads up I don't think I have access to update the cdev...I actually haven't even ever viewed it. I generally just make changes on my local maching and post them up here for Boone or Ray to add into the cdev. Sorry!

#41 Updated by Samantha Raddatz over 4 years ago

No problem at all, Daniel -- thanks for making all these changes. And thanks to Ray for moving them to cdev.

I agree that the blue links are hard to read. How about changing them to a lighter blue, like #C2D7FF (mock-up attached so everyone can see what this looks like). I have some other color options we could explore if needed, but I think changing the link color is effective enough.

Also, on the already-activated page, the 'forgot password' link seems to be leading back to the activation page (http://cdev.gc.cuny.edu/activate/) rather than the lost password page (http://cdev.gc.cuny.edu/wp-login.php?action=lostpassword).

Otherwise, I say it's good to go!

#42 Updated by Daniel Jones over 4 years ago

Sorry I was so slow on this - was responsible for getting a new website launched this past week and that took up more time than I had expected. Here's the link to the changeset: https://github.com/cuny-academic-commons/cac/commit/a615859f8c12898c2b408238845c44b8bcfb1e53

Good catch on the broken link! Should be working now. I like the new link color better too - updated the stylesheet.

#43 Updated by Matt Gold over 4 years ago

Thanks, Daniel

#44 Updated by Daniel Jones over 4 years ago

Just want to make sure this is good to go - are there more changes to be made on my end?

#45 Updated by Boone Gorges over 4 years ago

Looks good to me, but let's get signoff from Samantha before closing.

#46 Updated by Matt Gold over 4 years ago

Is this live on CDEV? How best to check this out?

#47 Updated by Boone Gorges over 4 years ago

Yes, it's on cdev.

#48 Updated by Samantha Raddatz over 4 years ago

Looks good to me! Thanks for all your work on this, Daniel.

#49 Updated by Boone Gorges over 4 years ago

  • Status changed from Assigned to Resolved

Thanks, everyone!

Also available in: Atom PDF