RBA functions with login
Charlie sent a note to RBAs announcing plans to put several core RBA functions behind authentication. These include:
- Region Configuration: https://rusa.org/cgi-bin/regionconfigure_GF.pl - This page allows RBAs to make configuration changes to their region, such as the region's website URL. A new feature is the ability to assign deputies, who will have authority to manage the region's event calendar and submit results. This website function is now live, and the remaining changes are planned for late June.
- Assign routes to events: https://rusa.org/cgi-bin/routeassign_GF.pl - This is Charlie’s Perl implementation of the RBA Self Service function currently in Drupal. It is fully implemented and ready to roll out. It has several new management capabilities and enhancements:
  - Regional calendars can only be edited by the respective logged-in RBA or an authorized deputy. The region selection workflow has been streamlined accordingly.
  - Route selection is now filtered by event type. UAFB only shows routes that support audax, and other event types only show routes that support allure libre.
  - Team event names and placeholder event names can now be directly assigned without going through the brevet coordinator.
  - Gravel rules for RUSAP/RUSAB events can now be applied or removed without going through the brevet coordinator.
  - Populaire events can now switch to any populaire distance without going through the brevet coordinator.
  - The tool now highlights which specific event fields were updated in the change summary.
  - The tool is now significantly more performant. This will be particularly noticeable for regions with a large event calendar.
  - The tool provides additional guidance about the process for assigning 8k600 routes and setting LRM event names.
- Submit results - Work is underway to add authentication/authorization and streamline the event selection process. This has an extensive workflow, and authentication needs to be added in several places. There is potential to further streamline the existing event confirmation part of the workflow, since there will be less risk of submitting results for the wrong event going forward.
- Submit event calendar - This workflow will also require incorporating authentication/authorization in several places. This is the final RBA function that will be updated.
Additional region info on RUSA site
Following up on Sarah Bergstrom's Bugzilla 1092 (Small space for every region to put a little more information on the RUSA site), we discussed adding icons for a region’s social media channels in a column on the Regions page, similar to the ones on the RUSA home page. These links would be configured by the RBA using the Region Configuration page. This means the Web Team or other back office admins would not need to devote effort to soliciting and maintaining content for regions.
Member services workflow updates
Charlie has been in communication with the membership team about reengineering the membership renewal workflow in preparation for securing member data updates behind authentication. The original plan had been to require website authentication for anyone renewing their membership or updating their personal member data. The new proposal is to surgically remove member data updates from the membership renewal workflow and make them available only from the member data update workflow. The resulting structure will not require authentication for membership renewal. This significantly reduces the risk of the membership authentication rollout. It also allows members to continue to purchase renewals on behalf of others, as is sometimes done today.
The member update workflow will no longer require membership committee approval for data changes, and sensitive data will no longer be hidden/obfuscated for the vast majority of data fields. The date-of-birth "verification" will also be removed.
The current data update workflow was updated to no longer show the member's selected gender option. This change will be reverted once the workflow is behind authentication.
Bugzilla
A web scraper in China has been hammering the RUSA website from over 50,000 IPs and all sorts of user agents, resulting in degraded performance and denial-of-service. One of the bigger targets is Bugzilla. We temporarily updated the web server to serve Bugzilla from a different path in order to restore website performance and stop the scraping. Charlie has updated Bugzilla to require authentication in order to view any bugs going forward, and Bugzilla was restored to serve from its original path. Requiring authentication didn't stop the scraper from hammering the website despite getting back a bunch of error responses, so we're taking additional measures to block the unwanted traffic.
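An added example, not part of the original notes or the site's own tooling: a log check for the situation described above, where a per-address request count misses a scraper spread over many IPs and user agents, while grouping denied requests by source network surfaces it. The `/bugzilla/` path, the /24 grouping, the thresholds and the choice of 401/403 as the error responses are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log line: client IP, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def log_line(ip, path, status, agent):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [01/Jan/2025:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{agent}"')

def build_sample():
    lines = []
    # Scraper: 40 addresses in one /24, two requests each, a different user
    # agent per address, every request denied (login is now required).
    for host in range(1, 41):
        for bug in (host, host + 500):
            lines.append(log_line(f"203.0.113.{host}",
                                  f"/bugzilla/show_bug.cgi?id={bug}", 403, f"agent-{host}"))
    # Logged-in user: one denied request before login, then 24 successes.
    lines.append(log_line("192.0.2.10", "/bugzilla/show_bug.cgi?id=1", 403, "browser"))
    for bug in range(1, 25):
        lines.append(log_line("192.0.2.10", f"/bugzilla/show_bug.cgi?id={bug}", 200, "browser"))
    return lines

def parse(line):
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def per_ip_offenders(lines, limit):
    """Naive rule: flag any single address with more than `limit` requests."""
    counts = Counter(rec[0] for rec in map(parse, lines) if rec)
    return sorted(ip for ip, n in counts.items() if n > limit)

def denied_networks(lines, prefix="/bugzilla/", mask=24, min_requests=20, min_ratio=0.9):
    """Flag source networks whose requests under `prefix` are almost all 401/403."""
    stats = defaultdict(lambda: [0, 0])  # network -> [total, denied]
    for rec in map(parse, lines):
        if rec is None or not rec[1].startswith(prefix):
            continue
        net = ipaddress.ip_network(f"{rec[0]}/{mask}", strict=False)
        stats[net][0] += 1
        stats[net][1] += rec[2] in (401, 403)
    return sorted(str(net) for net, (total, denied) in stats.items()
                  if total >= min_requests and denied / total >= min_ratio)

SAMPLE = build_sample()
if __name__ == "__main__":
    print("per-IP rule flags:", per_ip_offenders(SAMPLE, limit=10))
    print("denied-ratio rule flags:", denied_networks(SAMPLE))
```

On the sample, the per-address rule flags only the busy logged-in user, while the denied-ratio rule flags only the scraper's network.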
Demographics report
Updated the demographics report to show periodic snapshots rather than real-time data. This is a privacy measure to prevent leaking demographics data for new RUSA members, and it unblocks further expansion of gender categories in the report. The cron job was successfully tested, and the demographics snapshots will soon go live. Snapshots will be updated twice per month (on the 1st and 15th) and also on 12/31. A real-time report will still be available to back office admins.
Login workflow updates
Login redirects
Demoed login redirects: a user who opens submit results, calendar events, assign routes, or configure regions without being logged in is sent through the Drupal login page and then redirected to that function.
Removing email/username logins
The team is exploring removing email address and username as login identifiers. Accepting these identifiers has caused confusion in the past when members try to log in without understanding that they haven't made a website account yet. By restricting login identifiers to just RUSA #, the website will be able to tell the user that a website account doesn't exist without leaking the existence of a valid email address. The goal is for website account troubleshooting to be more scalable and self-service so that it consumes less web team and volunteer resources.
Drupal updates
“Unable to update Drupal modules in production (memory error from `composer u`).” Several Drupal updates have been piling up because the team is unable to apply them in production.
Charlie’s website roadmap
Reviewed Website Roadmap: Privacy, Security, Gender spreadsheet.