merge accounts #409

Open
ghost opened this issue Apr 22, 2016 · 6 comments

Comments

@ghost

ghost commented Apr 22, 2016

2 ways: allow twitter users to add their email,
and email users should be able to add a twitter name

@Undeadlol1
Contributor

There is a special package for this: bozhao:link-accounts

@ghost
Author

ghost commented May 28, 2016

yes, i know about it.
some more details are about picking a username. @21xhipster says twitter username should be preserved, so people won't take others' usernames. (idea is that twitter is a more-or-less public entity, while email is anonymous, i.e. we prefer tw over email; another small thing is restricting non-twitter users from public actions, which is implemented)

on the other hand, twitter allows changing a username, and so does the username at cyberfund, bound to the twitter account. which is not good - imagine a person picks a username (not having a twitter account, using email), and even if that username was correct at registration time, once a twitter account appears with the same username - boom, we now prefer the twitter user over the email user already registered.

so letting a user with email + without twitter pick a username is not trivial..

using just an email instead of a username - maybe ok, but to me it seems bad.

username is username, you either have one or not, it's not an email address. also, even if we use emails for email users - it's not clear whether it is ok to have a profile link like https://cyber.fund/@[email protected].

that's why merging accounts is currently suspended

@Undeadlol1
Contributor

Since i am not a smart man, let's narrow it down to solve the problem. We need an accounts system which has these things:

  1. different ways to register on the website (email, facebook, twitter etc), but twitter being mandatory.
  2. having a username which the user can not change (is this correct?) for things like /:username

Solution for the first problem:
Allow different ways of login, but implement an onBeforeLogin hook which will not allow users to login with anything unless they have a twitter account. Here is a scenario: a new user goes to "/sign-in" and clicks the facebook button, then a warning message appears which says "Sorry, for new users only registration via twitter is available. Afterwards you can link your facebook account in your 'profile settings' and login any way you prefer"

Solution for the second:
I do not use twitter but i am pretty sure that a twitter handle is unique. Allow users to do whatever they want with their usernames. But use the twitter handle for important stuff like the route name. "/@Undeadlol1" or just "/undeadlol1" with some regular expression magic or just "@Undeadlol1".substring(1)

@Undeadlol1
Contributor

By the way, there is a serious flaw with the whole mindset of "we need twitter first and foremost". What if in the future the website will rely on something different than twitter? For example, logging in through some decentralized database services.

@ghost
Author

ghost commented May 28, 2016

  1. no, twitter is not mandatory. the whole issue began as some people just want to use email, and not twitter.
    @21xhipster says there'd be some separation, like having a registered email lets you receive, say, a daily portfolio report, and having a twitter allows you to vote (star/follow), and use public portfolios. the main reason to forbid email-only people from using public features is to avoid scams and cheats like: a) our rating system currently heavily depends on user stars, so just making 100 accounts and adding 100 stars for some system would push its rating up, and other systems down, b) a bad guy would create a fake portfolio and "sell" it to someone as his property. it is believed (why? i dunno) that if a person has twitter, he won't harm others this way. it makes some sense - at least you can look up what kind of person you deal with, i.e. faking social activity is an extra step in this case.

  2. no, not correct. twitter allows you to change your username. and we're aiming for twitter screenName changes to be reflected on the site. this sucks, but happens.
    and also this won't allow a non-twitter user to pick a username (what happens when a twitter account with the same username appears?).
    at least, while we're willing to keep the site username 1:1 with the twitter screenName.

i agree this is a flaw. relying on twitter aims to provide a kind of social trust - which regular email won't provide. for me, the whole situation is weird, but @21xhipster is the boss.

@Undeadlol1
Contributor

  1. allow users to register/login by email or twitter.
    a) if a user logs in via email, reference him by email or _id ("/132484282"). If he wants to do something restricted, i.e. rate something, redirect him to the "/link_your_twitter" page. You most likely already have some ways to check user actions like checkUserLoggedIn(). An extra mixin should be applied to it: checkUserHasTwitter()
    b) user logs in via twitter. Allow him to link his email in profile settings to receive notifications. And reference him by username ("/rickymartin"). A special function can be created to check whether the route has a username string or a mongodb _id. Here is a solution.

  2. do not allow users to change names or pick usernames on this website. Only reflect twitter's username, because you can not make two @Katyperry's and you can not change a username to @Katyperry or @BarackObama. It is a unique name and therefore is reliable.

In this case the only question that remains is: what to do with email-only users? How to give them a username, because displaying only an email seems silly.
I would fix it by giving email users the ability to create a username on registration but make that username display-only and not unique. Just a profile string. And to avoid scam artists i would do what twitter does. Whenever a username must be displayed, show two strings at once - the picked username and the email underneath it.
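
Added example, not part of the thread and not the project's code: a sketch of the route resolution and the Twitter gate proposed in the last comment, keeping "@handle" routes and `_id` routes in separate namespaces so a display name or an `_id` can never shadow a Twitter screen name. The function names, the user object shape and the sample accounts are assumptions; the `/sign-in` and `/link_your_twitter` paths are the ones mentioned in the thread.

```javascript
// Added illustration; resolveProfile, profilePath, checkUserHasTwitter and the
// user shape are hypothetical and not taken from the project's code base.
const HANDLE_RE = /^@([A-Za-z0-9_]{1,15})$/; // Twitter screen-name alphabet and length

// Constructed sample accounts. Email-only users have no linked twitter record.
const users = [
  { _id: 'u1', twitter: { screenName: 'RickyMartin' }, email: null },
  { _id: 'u2', twitter: null, email: 'a@example.com', displayName: 'rickymartin' },
  { _id: '12345', twitter: null, email: 'b@example.com', displayName: 'Bob' },
  { _id: 'u4', twitter: { screenName: '12345' }, email: null },
];

// Resolve a profile route segment. "@handle" is matched only against linked
// Twitter screen names (case-insensitively); anything else is treated as an _id.
// Display names are never consulted, so they stay non-unique profile strings.
function resolveProfile(segment, accounts) {
  const m = HANDLE_RE.exec(segment);
  if (m) {
    const wanted = m[1].toLowerCase();
    return accounts.find(
      u => u.twitter && u.twitter.screenName.toLowerCase() === wanted
    ) || null;
  }
  // A malformed "@..." segment must not fall through to the _id lookup.
  if (segment.startsWith('@')) return null;
  return accounts.find(u => u._id === segment) || null;
}

// Canonical public path: the handle for Twitter users, the _id for everyone else.
function profilePath(user) {
  return user.twitter ? '/@' + user.twitter.screenName : '/' + user._id;
}

// Gate for public actions (rating, starring): a linked Twitter account is required.
function checkUserHasTwitter(user) {
  if (!user) return { allowed: false, redirect: '/sign-in' };
  if (!user.twitter) return { allowed: false, redirect: '/link_your_twitter' };
  return { allowed: true, redirect: null };
}
```

Because the current screen name is compared at lookup time, a Twitter rename changes only which "@handle" route resolves to the account; `_id` routes and display names are unaffected.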
