Skip to content

request flow #1159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bikubi wants to merge 104 commits into
base: main
Choose a base branch
from
Open

request flow #1159

bikubi wants to merge 104 commits into from

Conversation

@bikubi
Copy link
Contributor

@bikubi bikubi commented Dec 3, 2025

it's a lot!

companion: okfde/fragdenstaat_de#920

@bikubi bikubi requested a review from krmax44 December 3, 2025 12:41
@bikubi bikubi mentioned this pull request Dec 3, 2025
Open
krmax44
krmax44 reviewed Dec 8, 2025
View reviewed changes
@krmax44
Copy link
Member

krmax44 commented Dec 8, 2025

Seems like migrations are missing.

krmax44
krmax44 reviewed Dec 8, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 8, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 8, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 8, 2025
View reviewed changes
@bikubi bikubi force-pushed the bikubi/request-flow branch from 4c87b12 to 6fc2e08 Compare December 10, 2025 14:36
krmax44
krmax44 reviewed Dec 11, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 11, 2025
View reviewed changes
@krmax44

This comment was marked as resolved.

Sign in to view
bikubi added 13 commits December 12, 2025 19:06
@bikubi
start new request flow implementation
e1581f2
@bikubi
clean up
7f57c67
@bikubi
refactor filter badge component
0a69029
@bikubi
redo steps logic, support the various hide_ GET parameters
93e5f50 
- also fix initStoreValues from form
- also keep visited SimpleStepper steps clickable
@bikubi
syntax fix, cleanup
608b68b
@bikubi
improve validation of subject + body
514f6b2 
also move nonfielderrors
@bikubi
validation for address
691540f
@bikubi
validate some max_lengths, cleanup+fix steps
d6ee5c5
@bikubi
refactor UserCreateAccount, validate everything as consistently as po…
d3062e8 
…ssible
@bikubi
restructure public body search
6145096 
- implement grouping + use for jurisdiction-by-regionkind
- allow null-choice + use for region
    - show kind-hints, when using null-choice
@bikubi
add "confirm i do not request private info" checkbox
8d8b87d
@bikubi
implement similar search, with results and pagination
29cc603 
TODO API support
@bikubi
cleanup
ef543a8
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
frontend/javascript/snippets/purgestorage.ts
@@ -0,0 +1,14 @@
// make-request stores PII in sessionStorage -- but it will survive a logout.
Copy link
Member

@krmax44 krmax44 Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems kind of brittle. Maybe instead, we could store the user id in the session storage data, and only use it if it matches the current one.

Can you think of problematic situations of PII data surviving a logout?

Copy link
Contributor Author

@bikubi bikubi Dec 15, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logged out users don't have a userId that could be stored; generating a temp uuid just moves the problem elsewhere...
I've had the idea at some point (I though I had left a comment somwhere) to add a userId to the scope ~ sessionStorage.setItem('froide-store-make-request' + user.id, JSON.stringify(….

Problematic situation I just came up with: when you log out in a different tab, the "session tab" remembers your name... hm.

But sessionStorage sounds so clean..!

Copy link
Member

@krmax44 krmax44 Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But does that lead to glitches or something like that? Regarding PII, that data doesn't leave the browser unless the user wants to, right? I don't see an inherent privacy issue.

Copy link
Contributor Author

@bikubi bikubi Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see glitches; the situation I described above could be described as surprising.

In terms of privacy, I was thinking about the classic "leave a tab open on a public/shared computer".

krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
froide/account/forms.py

def clean_address(self) -> str:
address = self.cleaned_data["address"]
# TODO validate like clientside? cf. addressRegex in user-address.vue
Copy link
Member

@krmax44 krmax44 Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stefanw is there a reason against that?

krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
froide/foirequest/templates/foirequest/sent.html
</div>
</div>
</div>
{% addfrontendbuild "makerequest_purgestorage.js" %}
Copy link
Member

@krmax44 krmax44 Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Low prio: Altough it's not terribly brittle (however, the sent page is actually always accessible), this should probably be handled by the form. Alternatives:

  1. Purge the storage before submitting the form (catching preventDefault). Should the form not properly submit (i.e. offline), all data is lost. Not ideal.
  2. Serialize the form data (new FormData(formEl)) and send it via fetch. If it succeeds, purge the storage and redirect.
  3. Create a proper API endpoint haha

Copy link
Contributor Author

@bikubi bikubi Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, 2. is what I did with post-upload at the beginning, too.
Not sure how well it will handle the potential proof upload.

krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
krmax44
krmax44 reviewed Dec 15, 2025
View reviewed changes
@krmax44
Copy link
Member

krmax44 commented Dec 15, 2025

The find similar requests step might currently be a bit confusing, as there's no description of what the user should do. The input field has no placeholder.

image

Instead of "Continue" (Weiter), maybe the button should say "Skip". Maybe after some time, a little encouragement should pop up ("The information you're looking for isn't available yet? Then let's request it!"), to avoid users getting stuck here.

Low prio/think about it later: Not sure if the "Campaign" filter is that useful here, actually.

@bikubi
Copy link
Contributor Author

bikubi commented Jan 5, 2026

The find similar requests step might currently be a bit confusing, as there's no description of what the user should do. The input field has no placeholder.
image

Instead of "Continue" (Weiter), maybe the button should say "Skip". Maybe after some time, a little encouragement should pop up ("The information you're looking for isn't available yet? Then let's request it!"), to avoid users getting stuck here.

Changed "next" to "skip".

  • if popup, where, how? tooltip for the "skip" button?
  • or after the first search, the lower skip button changes back to "next" and gains a help text "The info... let's request it!")
  • or maybe, just an (over)emphasized "(optional)" in the heading: "Find similar requests (optional)"?

Low prio/think about it later: Not sure if the "Campaign" filter is that useful here, actually.

yeah, if taken at strict filter face value... but it also sneakily serves as a neat "look at all our campaigns" browser?

@bikubi bikubi force-pushed the bikubi/request-flow branch from da72806 to ce6bdcd Compare January 5, 2026 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krmax44 krmax44 krmax44 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bikubi @krmax44