-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add email verification check before showing the Gravatar Quick Editor #23920
base: trunk
Are you sure you want to change the base?
Conversation
📲 You can test the changes from this Pull Request in WordPress Alpha by scanning the QR code below to install the corresponding build.
|
📲 You can test the changes from this Pull Request in Jetpack Alpha by scanning the QR code below to install the corresponding build.
|
@@ -16,9 +17,24 @@ struct GravatarQuickEditorPresenter { | |||
} | |||
self.email = email | |||
self.authToken = account.authToken | |||
self.emailVerificationStatus = account.verificationStatus |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, I'm not sure how accurate this field is. The usage of it was removed from the app, and I was planning to remove the field as well in favor of relying on the server to tell you which operations are not permitted without hardcoding it on the client. What happens if the client doesn't hardcode this check?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if the client doesn't hardcode this check?
Sounds good to me but is there a way to currently achieve that on the JP side?
We want to improve our endpoints to know the reason as to why 401 unauthorized is thrown. That way we'll be able to show a better error. Unfortunately we didn't have chance to come up with a better solution on the SDK side yet(holidays).
There has been a very recent backend change on the Gravatar side. Before that, the Quick Editor worked successfully for unverified emails, but it turns out this isn't supposed to be happening so it's fixed urgently. So, a "session expired" error is displayed in the Gravatar Quick Editor for unverified emails which can be misleading and confusing. This is just an attempt to show a better message until we sort things out the SDK side.
Although I am not sure when this change would be live even if we merged this...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gotcha. In that case, I suggest moving the verification check to where the "session expired" error is displayed. I'm just not entirely sure you can rely on account.verificationStatus
, and it would be a shame if it blocks the legitimate requests from going through.
Fixes #
Adds an email verification check before showing the Gravatar Quick Editor because a user with an unverified email can't change their avatars due to a recent backend fix. Gravatar needs to have a strict policy that accounts who haven’t verified there email cannot use Gravatar.
The Gravatar Quick Editor handles the unauthorized errors with a session expired message so it's good to have a more accurate and descriptive alert here. In the meantime we'll work on the message on the SDK side.
To test:
You can use a temp inbox like www.emailondeck.com to create an email
Logout and create a new user
Go to Me > My Profile > Add profile photo
Observe: An alert pops saying
To update your avatar, you need to verify your email address first.
Go to your inbox, verify the email
Go back to Me and repeat the steps
Observe: Gravatar Quick Editor shows
Regression Notes
Potential unintended areas of impact
What I did to test those areas of impact (or what existing automated tests I relied on)
What automated tests I added (or what prevented me from doing so)
PR submission checklist:
RELEASE-NOTES.txt
if necessary.Testing checklist: