{"id":701,"date":"2018-06-15T14:57:14","date_gmt":"2018-06-15T14:57:14","guid":{"rendered":"http:\/\/blogs.magicjudges.org\/judgeapps\/?p=701"},"modified":"2019-05-05T12:13:05","modified_gmt":"2019-05-05T19:13:05","slug":"judgeapps-updates-may-2018","status":"publish","type":"post","link":"https:\/\/blogs.magicjudges.org\/judgeapps\/2018\/06\/15\/judgeapps-updates-may-2018\/","title":{"rendered":"JudgeApps Updates \u2013 May 2018"},"content":{"rendered":"

Wow! This was a busy month. From emails, to users, to events\u2026 And some other things. If you want to know what happened to JudgeApps during the month of May, you\u2019re in the right place.<\/span><\/p>\n

Email Verification<\/span><\/h1>\n

For those of you who missed <\/span>Dan\u2019s post<\/span><\/a>, we\u2019re now verifying email adderesses for JudgeApps accounts. If you ever missed a GP application window, got locked out of your account because the password reset email was sent to a different address, or missed a notification about your judge level maintenance requirements, you know why this is an important step.<\/span><\/p>\n

We had a few issues when the verification emails started going out, but as far as we know, they\u2019re all fixed now. The first issue was people not expecting to get the emails in the first place, and got scared when they did. We attempted to make this process as painless as possible by clarifying the massage and header for the email as much as we can.<\/span><\/p>\n

Even if you were expecting to get an email the next time you log into JudgeApps, some people were surprised to get one without visiting JudgeApps at all. Apparently, blog posts that refer to a judge, load an image from that judge\u2019s JudgeApps profile. If a judge was logged in to JudgeApps (most people stay logged in at home) and read a blog post that featured a judge, the JudgeApps server got a request while an unverified judge was logged in, and sent an email to the judge reading the article, as if they just visited the JudgeApps website. This shouldn\u2019t happen anymore.<\/span><\/p>\n

The last issue that was ironed out was new users not being able to verify their emails. They got an email, they clicked on the verification link, and then they got an error. As users that weren\u2019t active users before the email was sent, they weren\u2019t allowed to access JudgeApps, including the activation page. We made sure this link is now accessible to new accounts as well.<\/span><\/p>\n

Security and Privacy<\/span><\/h1>\n

A common theme in the last few months is our efforts to improve the security of the website and protect the privacy of our users. This month was no different.<\/span><\/p>\n

We talked about OIDC in the <\/span>March update<\/span><\/a>, and now we changed the login duration to one minute. What does it mean? When you connect through the website, you probably do so from your own computer or phone, and you intend to spend some time logged in. When you\u2019re using a 3rd-party app to do so, however, you probably don\u2019t need JudgeApps beyond getting some user data, so there\u2019s no need for the session to be open (and your account accessible) for more than a short period of time.<\/span><\/p>\n

Another issue was the ability to access parts of events that are still marked as drafts by guessing the event number. We changed the permissions required to access events so being logged in into JudgeApps isn\u2019t enough anymore. Now you actually have to be on staff for the event to be able to see it before it\u2019s published. We also fixed a small bug that allowed people who are not logged in to see judges\u2019 and draft events, because an undocumented API that is used by the \u201cautocomplete\u201d fields had accidentally been left open to the public.<\/span><\/p>\n

Finally, we improved XSS protections for a total of five types of data on the site. Previously, we assumed that certain data was HTML-safe. Technically, people could enter text there that would include scripts that run in a user\u2019s browser. We now make sure that text can\u2019t be interpreted as code.<\/span><\/p>\n

Forum Emails<\/span><\/h1>\n

Forum emails got some attention this month, with several improvements. First, we updated the footer (the part at the bottom with all the links). It now tells you how many people you\u2019ll be replying to, and allows you to send a reply directly to the post author. Second, we added some line breaks, to make the footer more readable.<\/span><\/p>\n

Beyond the cosmetics, the links didn\u2019t work in some email programs. This should be fixed. Also, we sped up the process of deciding who should get a notification for forum posts, so it takes less time for a notification to be sent after a message is posted.<\/span><\/p>\n

User Profiles<\/span><\/h1>\n

First of all, if you didn\u2019t read Dan\u2019s post about updates to user accounts (linked above), you should. We have new guidelines about what should (or shouldn\u2019t) be in your profile. Your name should be the one people call you by. A nickname is even better than your full name if that\u2019s how people call you. The purpose is for people to know how to call you when they meet you. Names that are supposed to hide your identity are not allowed. Your location must be correct, and within your main region. You can block it so people can\u2019t see it, but it must be where you currently reside. Your DCI number should be the one you use when you judge. We use it to check your activity with WotC for renewal purposes, and the wrong DCI number might cause problems. Finally, the websites and social media links you add to your profile are expected to relate to you, and activity in those websites is expected to be in accordance with the Judge Code of Conduct.<\/span><\/p>\n

On the more technical side, we fixed a tooltip that messed with the profile picture. You can also add a link to your Twitch account to your profile.<\/span><\/p>\n

Events<\/span><\/h1>\n

In addition to user profiles, the <\/span>policy for events was updated as well<\/span><\/a>. Events are meant for two purposes: staffing tournaments, and education. While social gatherings are very important and highly encouraged, they should not be official JudgeApps events. Events created on JudgeApps send notifications to a lot of people, and make relevant events harder to find. Social gatherings can be managed through social media or the forums instead.<\/span><\/p>\n

In a similar fashion, we are trying to separate important information from social talks by adding a new feature to GP events. Now, instead of one forum, where shift information can be completely lost in a sea of escape rooms and room sharing posts, each GP will have two forums: one for official announcements, and one for everything else. Each of those forums has its own notification settings, so you can turn off all the chatter without missing the HJ\u2019s plan for product distribution.<\/span><\/p>\n

 <\/p>\n

\n

If you liked what we did this month, or have any ideas for us to implement in the next, please send some <\/span>feedback<\/span><\/a> our way.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

This update has some important things you should know. The TL;DR version: update your profile according to the new guidelines and think twice before creating new events. If you want a broader review of the happenings of the month, keep reading…<\/p>\n","protected":false},"author":368,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[9],"tags":[],"language":[11],"class_list":["post-701","post","type-post","status-publish","format-standard","hentry","category-updates","language-en"],"_links":{"self":[{"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/posts\/701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/users\/368"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/comments?post=701"}],"version-history":[{"count":2,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/posts\/701\/revisions"}],"predecessor-version":[{"id":703,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/posts\/701\/revisions\/703"}],"wp:attachment":[{"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/media?parent=701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/categories?post=701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/tags?post=701"},{"taxonomy":"language","embeddable":true,"href":"https:\/\/blogs.magicjudges.org\/judgeapps\/wp-json\/wp\/v2\/language?post=701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}