Fix/auth page improvements #502
Conversation
public/translations/en-US.json
Outdated
| @@ -104,6 +104,10 @@ | |||
| "invalidSymbol": "Invalid symbol.", | |||
| "unknown": "Uoh. Something wrong happened.", | |||
| "accountNotFound": "Account not found. Are you sure you created your account?", | |||
| "accountDoesNotCorrespond": "This private key does not correspond to logged in account. Please logout to use a different account.", | |||
There was a problem hiding this comment.
If we ever got to this state, we cannot do nothing about it, the session is doomed, maybe we can show a modal displaying this message and force a logout?
There was a problem hiding this comment.
Honestly, I don't even think it's possible to get to this state, but it was there before and I couldn't figure out how to test it, so I just kept it, but yes, we can do something like that.
Also, does it still make sense to get multiple account_names for the same public key/user (there was a LoginWithMultipleAccounts state before that I removed, because it wasn't being generated)? Can we be sure that the correct account (if there is one) will always be at the first position in the list?
There was a problem hiding this comment.
Yes, this case is actually impossible.
For it to happen, the user must be logged in (have their info on localStorage), but this port is only called from the Login page (which means the user is not logged in). But, if this ever happens, I thinks it's safe to just ignore it: it would be the same as the user logging out and logging back in, with a different account (we can make sure all of the data a logged in user can have in localStorage is deleted every time on login, just to be safe)
| initModel : Shared -> Auth.Model -> Eos.Name -> Symbol -> String -> Model | ||
| initModel shared authModel accountName selectedCommunity authToken = | ||
| initModel : Shared -> Maybe String -> Eos.Name -> Symbol -> String -> Model | ||
| initModel shared maybePrivateKey_ accountName selectedCommunity authToken = |
There was a problem hiding this comment.
we could introduce a type for private key instead of using a String
There was a problem hiding this comment.
I actually introduced a type alias PrivateKey = String later on and forgot to change stuff to use it (will do so). I don't think we need a type PrivateKey for this though, it would just mean more wrapping/unwrapping, and I can't see many benefits we get from that
There was a problem hiding this comment.
i can see only one:
having an easy way to validate private keys from elm. that's something we don't do today, we only check if the length for the word list is correct. but there are actually reserved words and forgotten characters
in any way my suggestion was just to keep this opaque types pattern we've been using
There was a problem hiding this comment.
I went to search for something, and found this type that already exists. Should we use that?
Just to be sure, by private key you mean the hashed analogue of the passphrase?
Does it make sense to validate either the passphrase (12 words) (other than the word count) or the private key? They're both generated automatically, not from the user 🤔
There was a problem hiding this comment.
I went to search for something, and found this type that already exists. Should we use that?
I think so yeah, in any case we can have a different function that only takes model, this way you don't need to wrap, unwrap every time!
Just to be sure, by private key you mean the hashed analogue of the passphrase?
Does it make sense to validate either the passphrase (12 words) (other than the word count) or the private key? They're both generated automatically, not from the user 🤔
Actually the 12 words is a mnemonic that serves as base (with other information to generate the private key)
There was a problem hiding this comment.
Actually the 12 words is a mnemonic that serves as base (with other information to generate the private key)
Ok, but does it make sense to validate any of these? We're dealing with
- 12 words (generated for the user, doesn't really make sense to validate)
- Private key (generated for the user, doesn't really make sense to validate)
- PIN (just a sequence of digits, not much to validate other than length and being only digits)
The only data we get from the user is from registration (name, username, email, etc), but I haven't gone through that in this PR
There was a problem hiding this comment.
12 words (generated for the user, doesn't really make sense to validate)
although its generated for they user have to type it on the text area, or paste it to login.
Private key (generated for the user, doesn't really make sense to validate)
+1
PIN (just a sequence of digits, not much to validate other than length and being only digits)
+1 Pin validation that we already have is enough
|
@lucca65 I suspect your issue with pasting might be related to permissions. I've added some handling for that, so it's clearer to the user what's going on. Anyway, I can't test on Safari/Mac, so can you try again please? |
|
Huh, that's weird. Nothing shows up as By the way, did you mean to approve this? |
|
yes! i approved the pr |
|
something must be up with netlify again |
|
Oh yeah, auth isn't working on netlify deploys - we still don't have @heltonlr can you test this out on staging? |
What issue does this PR close
Closes #501
Changes Proposed ( a list of new changes introduced by this PR)
A lot of the changes in this PR are transparent to the user.
What the users can see:
Guestpages (Login and Register) now use the sameFeedbacksystem asLoggedInpages (the red/green bar at the top of the screen).Feedbackstyles have been fixed so the bar sticks to the top once the user scrolls past it, so it's always visible.What the developers can see:
Authmodule is much smaller and easier to understand. It's now only concerned about logged in users, and can be in aWithoutPrivateKeyorWithPrivateKeystate.Authmodule that dealt with non-logged in users is now in theLoginmodule, since that was the only page that used it.View.Inputmodule allows for more flexibility and customization on counting strategies, counter styles, error styles, HTML elements inside the input area, and using different HTML elements as input (such asinputortextarea).Pinmodule is now a component with its own model/view/update, so it can be used both byGuestandLoggedInwithout much code repetition.How to test ( a list of instructions on how to test this PR)
This deals with authentication, so it's important to be thorough!
The main affected area is the login page, so try logging in with valid and invalid data, check if the errors are easily seen on any screen size (mainly that they stick to the top of the screen if you've scrolled down enough). Make sure you can still register a new user as well.
This also deals with the PIN modal, so try doing something that requires that, and see if it behaves accordingly.
Also check if the feedback bar at the top of the screen works as expected (is always visible even after scrolling past it) on the pages where you need to be logged in to see.