Comments (16)

m1guelpf commented on June 11, 2024

@jancborchardt Well, you could use the API to invite users to the organization...
Also, I am planning on building a small one-file php version that contains only the join page and uses the API.

from orgmanager.

jancborchardt commented on June 11, 2024

Yeah I know I could, but I can’t cause I’m not that deep of a developer. ;) And I thought that’s maybe what orgmanager would be useful for too.

jancborchardt commented on June 11, 2024

There’s no way it could just be using JS? Cause that would be immensely helpful for static pages like ours.

m1guelpf commented on June 11, 2024

@jancborchardt Not without exposing your Orgmanager token, I think...
I mean, if you don't mind exposing your API token, you can make a form, transform output to json and use the API.
You might want to take a look at the api docs...
http://docs.orgmanager.miguelpiedrafita.com
Also, stackoverflow about transforming form output to json:
http://stackoverflow.com/questions/11338774/serialize-form-data-to-json

m1guelpf commented on June 11, 2024

@jancborchardt Maybe a form integration can be possible, but you need a way to keep the bots out, as you can't use your own recaptcha... Ideas?

simonv3 commented on June 11, 2024

Could we just embed an iframe with the form?

m1guelpf commented on June 11, 2024

@simonv3 Chrome and Mozilla disabled iframes for security reasons. Also, iframes are deprecated for lots of security issues.

simonv3 commented on June 11, 2024

Huh, when did that happen? I'm fairly sure that sandstorm makes extensive use of iframes, and I use it in Chrome.

Edit: I don't think I see anything here about them being insecure or being disabled: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

m1guelpf commented on June 11, 2024

@simonv3 You're right. Iframes aren't deprecated. You may want to read about iframe security for pages that embed them. The problem I have is with the server-side validation. Orgmanager tries to prevent bot signups by providing a captcha on web request or requiring the admin's token on the API. Allowing forms would raise two security issues:

  1. CSRF Protection. Orgmanager uses tokens to prevent Cross Site Request Forgery, and if I allow posting from the outside, I'd have to disable some routes, risking malicious requests.

  2. Bot prevention. As you can't add a dynamic token to static pages, there wouldn't be any bot prevention (or, at least, not any secure bot prevention).

I will make some tests with OrgManager and iframes as soon as I can and report results back.

from orgmanager.
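
Both issues listed in the comment above come down to a token that the server issues per visitor and per page load, which a static page cannot carry. The following Node.js sketch of such a token is an added example, not part of the thread and not Orgmanager's code; the function names, the 10-minute lifetime and the dot-free session ids are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: this secret exists only on the server and is never sent to a browser.
const SERVER_SECRET = crypto.randomBytes(32);
const TOKEN_TTL_MS = 10 * 60 * 1000; // hypothetical 10-minute lifetime

function sign(payload) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('hex');
}

// Issued each time the server renders the join form, bound to the visitor's
// session id and to the time of issue. Session ids must not contain '.'.
function issueFormToken(sessionId, now = Date.now()) {
  const payload = `${sessionId}.${now}`;
  return `${payload}.${sign(payload)}`;
}

// Returns 'ok' or the reason the submission is rejected.
function verifyFormToken(token, sessionId, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed';
  const [sid, issuedAt, mac] = parts;
  const expected = Buffer.from(sign(`${sid}.${issuedAt}`));
  const given = Buffer.from(mac);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  if (sid !== sessionId) return 'wrong-session'; // token lifted from another visitor
  const age = now - Number(issuedAt);
  if (!(age >= 0 && age <= TOKEN_TTL_MS)) return 'expired';
  return 'ok';
}

// Constructed scenario: a token generated once and baked into a static HTML file.
function staticPageScenario() {
  const buildTime = 1700000000000; // constructed timestamp
  const baked = issueFormToken('buildsession', buildTime);
  return {
    sameVisitorSoonAfter: verifyFormToken(baked, 'buildsession', buildTime + 1000),
    anyOtherVisitor: verifyFormToken(baked, 'visitor42', buildTime + 1000),
    nextDay: verifyFormToken(baked, 'buildsession', buildTime + 24 * 3600 * 1000),
  };
}

console.log(staticPageScenario());
```

A token baked into static HTML is the same for every visitor: it either fails the session and expiry checks, or, if those checks are dropped so that it passes, it can be replayed by any client that reads the page source.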

m1guelpf commented on June 11, 2024

@jancborchardt Is this still a need? It is the last issue open tagged before v3.0, and now that you linked the join page on the opensourcedesign website, maybe this can be closed...

simonv3 commented on June 11, 2024

I'll let @jancborchardt be the judge of that, he created the issue :)

m1guelpf commented on June 11, 2024

@jancborchardt What do you think?

m1guelpf commented on June 11, 2024

@jancborchardt @simonv3 I think I'm going to move this to v4 because I want to release v3 this week.

jancborchardt commented on June 11, 2024

It would really be cool still – as said on #56 (comment)

That also gets everyone who lands on your page to get involved very quickly. Sure, with a button you could just link to the orgmanager page, but abstracting the whole thing away through just an input field or a button which launches Github auth would be even cooler.

m1guelpf commented on June 11, 2024

@jancborchardt So then, this can be closed in favour of #56?

jancborchardt commented on June 11, 2024

@m1guelpf :D I think #56 should be closed in favor of this, since this here is much clearer, and the other issue was a completely different one at the start. ;)
