Some thoughts/feedback on DFF's first grant round using Hypha

Hi all, just wanted to note down some thoughts and feedback from DFF’s first round of using the Hypha platform. Some others suggested it could be useful to share and add to the ongoing discussions.

• While only a limited number of people gave feedback compared to the number that actually used Hypha, this feedback was overall very positive, with people saying it was self-explanatory and easy to use. Those who had used our previous application method also rated Hypha better.
• Copy to clipboard feature useful. Also liked the ability to download the application form as a Word document, which was very useful for preparing and discussing with the team before submitting.
• For messages, it wasn’t always clear when to use the communications tool within the platform, and when to just email directly.
• Uploading of documents was confusing at times. The platform did not clearly indicate whether an upload was successful/which documents were already uploaded. This lead to some confusion and unnecessary double-uploads. There was also an issue where uploads had hashes attached. And if a document was uploaded multiple times the hash became so long that it created an error that prevented submission.
• Only being able to share documents by linking in the application form, or uploading with the application, was a bit limiting. Would be good to have a space where documents can be easily shared.
• Once the application was submitted, applicants couldn’t download the documents they uploaded. It would be helpful to do this to double check whether the right version was submitted.
• Some issues with amounts. Some entered an amount using the European method where a full stop is the indicator of one thousand (i.e. 20.000 = twenty thousand), but Hypha read this differently (i.e. 20.000 = twenty)
• Having a word counter was really useful.
• There was the odd issue with logging in, but I think that was mostly from people not reading instructions properly, or the password link email going to spam. A few people also somehow created duplicate accounts, maybe through submitting an application, but also creating an account on the main log-in page.

Cheers, Thomas

Thomas:

Thank you so much for taking the time to share your feedback!

Best,
Di

Love this feedback @vinkthom, thank you for sharing it! Look out for follow-ups from us to figure out what solutions address the issues raised

I echo the thanks for this feedback. In looking through the list, it seems like things that might be addressed via better documentation are:

For messages, it wasn’t always clear when to use the communications tool within the platform , and when to just email directly.

Proposed solution:

• I will explore and generate documentation on Hypha’s in-platform communication tool - especially, how and when it is useful

A few people also somehow created duplicate accounts, maybe through submitting an application, but also creating an account on the main log-in page.

Proposed solution:

• I’m going to try to replicate this situation in DFF’s Hypha instance to see how it came about, and then will think about how to structure documentation about creating accounts to help folks avoid this.
• I will also look into, and include in Admin documentation, a section on “deleting duplicate accounts” to avoid confusion.

RE: DUPLICATE ACCOUNT CREATION

I went through the process of submitting the initial application/eligibility form for DFF–this, I believe, automatically creates an account with the contact email you provide, but doesn’t give you a password. Clicking the “link to your application” in the email generated brings you to a login page, but I don’t have a password to associate with the account (and no temporary info was provided in the “welcome” email).

If you click on the “New User? Sign Up” link, the system does not tell you if there is an account associated with the email you provide. In fact, there is no confirmation of registration or anything happening on the signup page other than a very brief blip from the site reloading (screenshot below):

Screen Shot 2021-07-28 at 5.29.54 PM921×535 17.5 KB

• Item A: I would like to have some kind of confirmation show up after the user clicks “Register” to let you know something happened (like your request was received, check your email), and
• Item B: I would like the system to tell me if there is already an account associated with my email address

I clicked “Register” several times because I wasn’t sure if something was supposed to happen. I don’t know whether that created several accounts with my email (if so I apologize–I clicked many times), but that lack of transparency may explain why you’re getting duplicate accounts.

How I was able to get a password to actually log in and view my “application” was my clicking the “Forgot password” link - but there was no information on the site or in the welcome email telling me to do this, so I’m not sure that’s how I was supposed to do. Would be nice if the instructions for going through this process were more clear (and they might be in the guide you created, @vinkthom, but as you speculated, people are likely not reading the guides carefully, especially for this initial step).

Couple of thoughts on how that clarification process might happen:

• Item C: Add a link to the documentation on the login page (linking specifically to a “How to log in” doc page), and (because this kind of reduplication is only helpful to the user)
• Item D: Add the “how to log in” steps directly into the welcome email generated by the system - this can be a reduced version of what is on the “How to log in” doc page, but I think it should at least outline what the user should do

@frjo, questions for you:

1. Are these four Items things others think would be useful to add?
2. How easy would it be to do the things I’ve mentioned here? (I realize this may vary depending on which Item we are talking about)
3. Are there already open issues on github for any of these?
4. If the answer to 2 is “no”, should I create these issues?

This feature to create accounts is not part of core Hypha, it’s something DFF have added themselves. In core Hypha you get an account when you apply or staff creates an account for you (mostly for Reviewers etc.).

In core Hypha if you apply for a second time with the same e-mail address but do not login the system will link the submission to the existing account.

Wagtail admin → Settings → User settings → Extra text on login form

Here you can add e.g. a link to your documentation or the core Hypha documentation if you have not changed stuff to much.

This is the e-mail that core Hypha send out to new users, i.e. users that have just applied for the first time.

Dear {{ name|default:username }},

An account on the {{ ORG_LONG_NAME }} web site has been created. Activate your account by clicking this link or copying and pasting it to your browser:

{% if site %}{{ site.root_url }}{% else %}{{ base_url }}{% endif %}{{ activation_path }}

This link can be used only once and will lead you to a page where you can set your password. It will remain active for {{ timeout_days }} days, so do it now.

After setting your password, you will be able to log in at {% if site %}{{ site.root_url }}{% else %}{{ base_url }}{% endif %} in the future using:

username: {{ username }}
password: Your chosen password

If you do not complete the activation process within {{ timeout_days }} days you can use the password reset form at: {% if site %}{{ site.root_url }}{% else %}{{ base_url }}{% endif %}{% url ‘users:password_reset’ %}

Thanks,
The {{ ORG_SHORT_NAME }} Team

It works just as the e-mail describe, allowing the users to set their own password.

Passwords in Hypha have simple rules, 12 characters minimum and are not exposed in data breaches according to Have I Been Pwned: Pwned Passwords. The checks are done automatically and I think the info to the user are decent but please test and see if improvements can be made. Applying for grants are hard and complex and it stuff like passwords should not make it harder.

Thanks, @frjo

So it sounds some of the confusion I experienced may arise from differences between the DFF implementation of Hypha and Hypha core.

If the ability to register outside of submitting an application is something DFF has added, it may then be useful for DFF to also add the confirmation I suggested in Item A.

Re: Item B*, I’m not sure if this is true because I cannot see DFF’s Hypha back-end, so this is something we’d need DFF’s implementer to confirm.

Re: Item D (I know, out of order), this email in Hypha core looks awesome and helpful. The email I received when I submitted the application on DFF’s Hypha “apply” site is below (and did not contain any link, or info about how to set a password):

Screen Shot 2021-07-29 at 2.48.16 PM1389×754 71 KB

@vinkthom, do you know why the email @frjo referenced in his response to my “Item D” isn’t what is sent to DFF applicants? Having this information would definitely help with any user confusion about how password creation is supposed to happen, and it may head off duplicate registrations.

Re: Item C, if future users make changes to how registration/account creation works in their implementations of Hypha, this will definitely be helpful to include in the documentation for Admin/Staff or possibly even for Deployment (@maxpearl, thoughts?)–something to the effect of:
If you make changes to how account creation works in Hypha, *we highly recommend* including instructions for generating a password/logging in in your welcome email and/or on the login page (and here's how to add that in Wagtail)

I’ll add one final thing, which is that DFF’s rule that passwords need to be at least 20 characters stretched my password creation abilities.

Let your password manager of choice create and remember your passwords. Easier and safer.

Thanks so much @emlini and @frjo for your detailed feedback on this! Sorry about the delay, I was on leave the last two weeks.

All applicants should be signed up in the way Fredrik describes, by submitting an application. For Reviewers, we create the accounts ourselves, also as Fredrik describes. Emily, you should have received another automated email (additional to the one you copied above) similar to the one that Fredrik refers to, with a link to create your password. Maybe it went into spam?

I think there were one or two examples where people said they didn’t receive that email for some reason, like you. In which case we then provided instructions on how to use the forgot password link to do it. But 95% of applicants did seem to receive the email with the password link ok.

I think the easiest solution to stop the duplicant account issue will be to actually remove the “New user? Sign up” link. We don’t actually want anyone to sign up in that way and if it is not part of the core app we can just get rid of it. I will talk to @allan to get that removed.

We could follow your suggestion Emily, to add across the information about logging in onto the main page. Though that information is already in the guide that is linked on the main page. And it will be in the email all applicants should receive. So it is only an issue if someone doesn’t look at the guide, or for some reasons doesn’t see/receive the email (like what happened for you).

For passwords, as an organisation we have security guidelines which demand that all passwords be at least 20 characters, so I can’t do too much about that. In the guide we recommend that people use a password manager for that, which makes it really easy. But yes, maybe we can further improve the guidance about this. Emily, I think you are the first person to complain about this though. If anyone else had issues with the password length they didn’t say anything about it to us.

Emily, there is only one account of yours I can see. And it didn’t have any role assigned, so seems to be the one you created yourself. When someone submits an application their account should automatically be created and assigned as an applicant. I have now assigned that role to you manually and will put through to the application stage so you can see that if you want to.

Let me know if I missed anything! Thanks, Thomas