Opting in to recommendations asks you to sign in with the wrong text

So the client needs to change so that:
- if there is no token, we use the
    api/1.0/profile/(?P<uuid>[\dabcdef]{32})/$ [name='api-anon-profile'] API to opt-in
- if there is a token, we use what we had before

- if there is no token the server needs to provide a API for recommend_me that works without auth
- if there is a token, nothing will change

- if the user opts in for e.g. purchase or reviews use the authenticted submit_profile call on the next
  submit_profile call (the one that is done regularly)

If there is consensus if that is the right approach or not the following branch lp:~mvo/software-center/recommendations-by-uuid-only should mostly implement the client bits, the server needs a new recommend_me call that works by uuid only (instead of token).

Hi mpt, I believe you had a few conversations last week regarding this issue. Could you let us know if the final decision was to implement this change? For now, I will remove it from the milestoned list. If we are to make this change, please let us know asap and we can retarget.

Many thanks!

The bug itself that there is a sign-in dialog at startup for invalid tokens and that the dialog has a misleading text needs to be sorted for 12.04.

At this point my suggestion is to simply show the "opt-in" button again if the token is not working. Does that work for you mpt?
The alternative would be to show the login dialog at startup with a better text. This requires a string freeze exception unless
we can reuse the opt-in text that is already in the application.

I asked David about this on the 4th. He preferred requiring sign-in for recommendations, on the grounds that it would lower the barrier for later purchases. Unfortunately I didn't realize, until after the call, that you still need to sign in for purchases even after signing in for recommendations. (Maybe that's fixable, but certainly not for 12.04.) And I have not succeeded in contacting David since.

As I understand it, if we remove the sign-in requirement, we need to:
- merge the recommendations-by-uuid-only branch
- finish implementing the corresponding function on the server before release day.

If we keep the sign-in requirement, we need to:
- fix the dialog text (string freeze exception)
- remove the word "anonymous" from the recommendations blurb (string freeze exception)
- as you suggest, revert to opted-out state if the token is not working.

Just a note that the token check you mention will be part of the fix I already have planned for bug 973612.

In reference to mpt's comment #5, the issue about having to sign in for purchases is that we require a web-based sign-in to Ubuntu SSO each time a purchase is initiated (this is required only once per Software Center session). This is different to the one-time sign-in that we do in the client with the client-side Ubuntu SSO dialog for recommendations and ratings/reviews. The issue is that we don't currently use this local logged-in status in the purchase flow, even though we could and that would allow us to skip this step in the webkit flow. However, it's apparently not trivial to do this currently (this last from a conversation last week with Ricardo Kirckner), so this will have to wait for next cycle.

re #4, the goal is to increase the number of people who have logged in (or created accounts) locally/clientside in USC, this is a pre-requisite for a client side logged in experience.

The subsequent login with the same credentials during the purchase is something that is also required.

Having some timeout based on our risk level for fraudulent/child purchases is a future discussion when we save payment details.

Ok, so I have verified verbally with David (and per his comment #8 above) that we are to go with requiring sign-in along with recommendations opt-in. In fixing bug 973612, I have implemented most of what we need for this bug as well.

  lp:~gary-lasker/software-center/recommendations-sso-login-lp973612

The above branch implements the SSO sign-in specifically for recommendations, and it reuses the already-existing opt-in text from the lobby panel in the SSO dialog itself so that we can avoid adding a whole new string so far after string freeze. This seems a perfectly reasonable approach to me, and I have added a FIXME in the code to change this text at a later date if we deem it necessary.

The above branch also handles the case where the user has previously opted-in but later the Ubuntu SSO token is found to have been removed, revoked, or otherwise invalid (in other words, it is always checked now). In this case, the SSO dialog is displayed again and if it it cancelled, the user is opted-out of recommendations and the previous opt-in panel is restored (see bug 973612).

The user can choose to opt-in again at any time.

The only piece remaining to do for *this* bug, then, is to remove the word "anonymous" from the opt-in text. I'll make a second branch (that depends on the branch above) to do that.

Thanks, all!

The attached branch lp:~gary-lasker/software-center/recommendations-sso-login-lp967064 makes the needed string change, and completes the changes needed for this bug.

NOTE that this branch will require a string freeze exception!!

The string freeze exception has been filed separatly and is in-process now at bug 986437. For purposes of *this* bug, the fix is now fully fix-committed.

Hello Matthew, or anyone else affected,

Accepted software-center into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I verified this fix in software-center version 5.2.1 in precise-proposed per steps to reproduce in the description.

Many thanks!

This bug was fixed in the package software-center - 5.2.1

---------------
software-center (5.2.1) precise-proposed; urgency=low

  [ Michael Vogt ]
  * lp:~mvo/software-center/lp977179:
    - make the review UI react correctly to conditions of network
      availability (LP: #977179)
  * lp:~mvo/software-center/fix-crash-deb-file-size-calc:
    - fix crash when installing a deb file that is not found in
      the current apt cache
  * lp:~mvo/software-center/lp981992:
    - fix a crash in the new a11y code if there is a row that has
      no data or is not yet preloaded (LP: #981992)
  * lp:~mvo/software-center/fix-gmenu-searcher:
    - fix the menu searcher for non-Unity configurations after
      the app-install-data-ubuntu file layout changed
  * lp:~mvo/software-center/lp808455:
    - trivial fix for crash on downstream distros (LP: #808455)
  * lp:~mvo/software-center/lp927262:
    - fix crash when get_vadjustment() returns None (LP: #927262)
  * lp:~mvo/software-center/utf8-fixes:
    - fix various utf8-related crashes (LP: #943500, LP: #922225,
      LP: #917755)
  * lp:~mvo/software-center/gwibber-utf8-lp985255:
    - fix a utf8 crash in the gwibber integration (LP: #985255)
  * lp:~mvo/software-center/workaround-gtk-regression-lp986186:
    - workaround performance issue with the Gtk.TreeView.set_model()
      call when there is a cell_data_func attached. Not every user is
      affected (settings dependant somehow), but when affected it causes
      a massive performance degration for huge list models like "System"
      (LP: #986186). This branch works around the problem by disconnecting
      the cell_data_func before setting the new model.
  * lp:~mvo/software-center/fix-clear-credentials-race:
    - fix an incorrect use of the sso dbus backend, we now correctly
      wait until it emits a CredentialsCleared signal (LP: #986117)

  [ Gary Lasker ]
  * lp:~gary-lasker/software-center/add-to-launcher-after-auth-lp972710:
    - fix bug where an application will be added to the Unity launcher
      in the case where the user cancels the installation auth dialog
      (LP: #972710)
  * lp:~gary-lasker/software-center/recommendations-sso-login-lp973612:
    - fix bug where the recommendations opt-in panel is hidden if
      the user declines the SSO dialog after opting in (LP: #973612)
    - fix the user experience if the user has previously opted-in to
      recommendations and their SSO token is found have been removed
      or revoked or otherwise found to be invalid (LP: #967064)
    - improve the responsiveness of the spinner in the recommendations
      flow
 -- Michael Vogt <email address hidden> Thu, 26 Apr 2012 09:47:19 +0200