As a donor, I want the links within Give emails to work with as few hurdles as possible while still securing my information so that I am not frustrated when attempting to access my information.
We should work to strike a better balance between security and convenience. As an example, if I donate on my desktop and immediately open the receipt email on my phone, I should not have to verify email access when I just clicked a link _from my email inbox_.
The issues within this epic each address specific behaviors that need improvement, but they are all related to a common need to better meet user expectations when interacting with Give emails.
Participants: @ravinderk @mehul0810 @kevinwhoffman
Topic: Email link behavior in Give donor emails
Result: We reviewed Shopify's approach to receipt emails and found that Mehul had already started down a similar path which uses a hashed key to verify that a link was clicked from the donor's email. We also laid out some best practices and concerns that we want to keep in mind throughout this epic:
Participants: @mehul0810 @ravinderk
Topic: Discussion about the point (2), its complexity, and its need
Result: I and Ravinder think that redirecting the URL containing query string to a pretty link will add complexity and if in case the URL is obtained by an anonymous user then only that particular donation receipt details are leaked, not the complete history.
Also, if the donation receipt is for recurring donation then a link "Manage Subscription" is displayed below the donation receipt and clicking on which will take a user to email access form.
@kevinwhoffman Can we do a quick call tomorrow so that we can discuss the point (2) necessity and I can demo you the complete functionality related to email access and donation receipt view link and download link in an email.
AS per the call, I and @kevinwhoffman agreed that we don't need to address point (2)
we don't need to address point (2)
Yes, @mehul0810 explained that introducing a redirect for the sake of removing the query string would add complexity to the solution with no real benefit. The unique key in the query string only provides access to that single receipt, so we agreed it's okay to leave it in the URL.
@kevinwhoffman Closing this issue in favor of https://github.com/impress-org/give/pull/3973
Let us know if you still able to reproduce this
I have tested the following issues and confirm they working according to the best practices above:
Tested but with problems reported in issue:
I will test the new email template tag once #806 is resolved above.
Closing, all issues in Epic have been merged.
Most helpful comment
Slack Call Summary
Participants: @ravinderk @mehul0810 @kevinwhoffman
Topic: Email link behavior in Give donor emails
Result: We reviewed Shopify's approach to receipt emails and found that Mehul had already started down a similar path which uses a hashed key to verify that a link was clicked from the donor's email. We also laid out some best practices and concerns that we want to keep in mind throughout this epic:
Give Email Access Best Practices