Visitor actions that redirect to Login should remember & execute action

[mekarpeles]

Proposal

Similar to:

• Save/preserve patron's registration action post-registration  #9409

Currently, clicking on Follow, Borrow, or Want to Read as a not logged in visitor will send patron to login without remembering or performing the action they performed.

Whereas #9409 attempts to remember a patron's originating request (Follow, Borrow, or Want to Read) throughout a complicated registration process using cookies, This issue proposes we more modestly extend the existing login flow capabilities to remember and complete a visitor's requested op (operation) after successful login and before we redirect them back to where they came from. We will also use our existing add_flash_message to add a temporary flash message to the screen indicating whether the action was completed or failed. The redirect flow is already complete.

Proposed Solution

Let's implement a generalized flow to extend the capabilities of the login flow to remember and complete a visitor's requested op (operation) in the cases of Follow, Borrow, or Want to Read.

Let's start with Follow as the requirement for completing this specific issue.

Justification

Problem:

Today when a visitor clicks a button like Follow, Borrow, or Want to Read, they are sensibly redirected to the login page /account/login?redirect=$(ctx.path) in a way that uses a redirect url GET query params to preserve the $ctx.path (i.e. the original page they came from) so the visitor can be redirected back after successful login...

However the action itself (i.e. Follow, Borrow, or Want to Read) the patron was trying to complete is not executed upon successful login.

Example

• Update Trending Now cards to display patron (if reading log public) #10241
  By using the Follow macro to add Follow buttons to the /trending page results, a visitor that is not logged in might click the Follow button, be brought to login, and then brought back to the /trending page after being successfully logged in, but the actual Follow operation they requested is never actually performed! The visitor would have to click Follow, successfully perform login, be brought back to the /trending page and then know they have to click Follow again. This is both non-intuitive and either difficult or impossible because the /trending page by nature changes from moment to moment and the reader our patron was trying to follow may no longer be featured on the trending page when they return from login! 🤦

Impact

This likely impacts thousands of visitors who are either new and have a poor first experience, or who have accounts and thought they were logged in.

Breakdown

If/when a visitor clicks Follow and goes to the the login flow, the parameters necessary to complete the Follow request would somehow be captured and passed along within the login url/flow (e.g. the Follow macro url here https://github.com/internetarchive/openlibrary/pull/8607/files#diff-f8a08ee2ccd19673120d20e7bb9a9bb0522f49eed20aa98edd0007787058c302R17 might be updated to include additional parameters like /account/login?redir_url=$(ctx.path)&op=follow,publisher:$publisher,&state:$following) so after login is successful, the follow command would get executed on the backend before the logged in patron is redirected to the redir_url (i.e. the page they came from).

Here is the login handler (the GET and POST) where the login flow happens:
https://github.com/internetarchive/openlibrary/blob/master/openlibrary/plugins/upstream/account.py#L399-L476

We might update https://github.com/internetarchive/openlibrary/blob/master/openlibrary/plugins/upstream/account.py#L427 onward within the GET code to add:

# this extracts or sets defaults for GET query `?params=` in the url
i = web.input(redirect=referer, op=None)  # add `op`
op = {}
f = forms.Login()
f['redirect'].value = i.redirect
return render.login(f, op=i.op)

We can then update the login template to get passed access to this op object (to be passed along with the POST request)

https://github.com/internetarchive/openlibrary/blob/master/openlibrary/templates/login.html#L1

$def with (form, op=None)

And we add another hidden parameter like redirect
https://github.com/internetarchive/openlibrary/blob/master/openlibrary/templates/login.html#L72 called "op" to the login template that will pass along the values in our op to the POST controller in the backend:

<input type="hidden" id="op" value="$op" name="redirect" />

Finally, we extend our login POST handler https://github.com/internetarchive/openlibrary/blob/master/openlibrary/plugins/upstream/account.py#L476 to safely perform the op.

stats.increment('ol.account.xauth.login') # after this line...
if i.op:
    """
    assuming url is: "?op=follow,publisher:xxx,state=yyy"
    i.op should be: "follow,publisher:xxx,state=yyy"
    """
    # Split and extract/unpack op, such that:
    # op="follow", its args=["publisher:xxx", "state:yyy"]
    op, *args = i.op.split(",")
    # Converts args to dict {'publisher': 'xxx', 'state': 'yyy'}
    params = {k: v for kv in args for k, v in [kv.split(":")]}
    if op == "follow":        
        new_perform_function(op, **params) # exercise left to reader! :)
raise web.seeother(i.redirect)

At which point you'll have to think about the best way to implement this new perform function which, based on the value of op may need to do different things, check and safely sanitize the parameters, and add a toast message with success or failure of the action

The remaining unknowns here for contributors are:

1. How do I perform the follow action?

• Here is the (json) API where we currently perform Follows (we'll want to only run the relevant lines in our new login flow): https://github.com/internetarchive/openlibrary/blob/master/openlibrary/plugins/openlibrary/api.py#L518-L519

2. How do I do the flash message?

• from infogami.utils.view import add_flash_message
• here's an example already used in our account controllers

  openlibrary/openlibrary/plugins/upstream/account.py

  Lines 777 to 779 in f8af7cf

  	add_flash_message(
  	'note', _("Notification preferences have been updated successfully.")
  	)

---

Instructions for Contributors

Please run these commands to ensure your repository is up to date before creating a new branch to work on this issue and each time after pushing code to Github, because the pre-commit bot may add commits to your PRs upstream.

[ShilpThapak]

Hi Mek,
I’d like to work on this issue. Could you please assign it to me?

[mekarpeles]

Hi @ShilpThapak, sure we'd love your help. Please note that this issue is an important companion to:

• Update Trending Now cards to display patron (if reading log public) #10241
  which led by @SharkyBytes and so you two will likely benefit from coordinating as you have questions! Once you've completed this issue, it may make sense for us to create an issue for supporting the Want to Read and Borrow flows, respectively.