[WIP] Ensure preservation of return_to through OAuth login flow #3879
Conversation
ghost
assigned 
|
@jywarren I couldn't test the whole functionality because oauth is disabled for local setup. How can I test it out ? |
Generated by 🚫 Danger |
|
Oh, this is cool! I'll add you as a contributor and you'll be able to push to unstable.publiclab.org where we do testing. It'll build for a bit (follow at https://jenkins.laboratoriopublico.org) and then you should be able to try this out. I'm not 100% sure OAuth will work the same, but it's worth a try. |
|
Also Code Climate has made some suggestions about your code, we don't have to adopt all of them but they're at least interesting to look at: https://codeclimate.com/github/publiclab/plots2/pull/3879 I can approve this to get CodeClimate to return an OK, if you like, or adopt some but not all -- up to you! |
|
Oh i'm sorry i already added you! So, to start testing on |
I see.
Sure, I'll check them out.
|
|
Ah, sorry! https://publiclab.org/chat has several options for joining!
welcome!
…On Thu, Nov 1, 2018 at 4:23 PM Radhika Dua ***@***.***> wrote:
you'll be able to push to unstable.publiclab.org where we do testing.
It'll build for a bit (follow at https://jenkins.laboratoriopublico.org)
and then you should be able to try this out. I'm not 100% sure OAuth will
work the same, but it's worth a try.
I see.
I can approve this to get CodeClimate to return an OK, if you like, or
adopt some but not all -- up to you!
Sure, I'll check them out.
Oh i'm sorry i already added you! So, to start testing on unstable, first
just chime in on the chatroom to warn others (since it only supports one
build at a time, maybe someone else is using it... best to ask!) then run
git push -f ***@***.***:publiclab/plots2.git unstable and it will
begin to build.
Oh. Where's the chatroom ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3879 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABfJ1QDhykTQ5S7sAAumt8Id466QynAks5uq1g_gaJpZM4YHFk2>
.
|
|
@jywarren It's working fine now on https://unstable.publiclab.org @publiclab/reviewers @SidharthBansal Please review the code. Also it involves some UI related changes. I removed the "Login" dropdown from the navigation bar. And clicking on "Login" redirects to login page. This removes up duplicate code and also has better UX for mobile users. You can check it out at https://unstable.publiclab.org |
|
|
||
| if @user&.drupal_user&.status == 1 | ||
| # an existing Rails user | ||
| if @user |
There was a problem hiding this comment.
@jywarren Is there any difference in @user and @user.nil in this case ? If not, then we can remove if condition because we already have check for that in above code.
There was a problem hiding this comment.
I think you're right, here. Let's just be very careful and make changes incrementally since this is a pretty complex piece of code. It'll be easier to track any bugs we may introduce if we change fewer things at a time. I know this is not as satisfying as more thorough refactor here, but our login code is relatively critical, so we have to be careful, and not every thing can be protected by tests. Thanks!
| return | ||
| end | ||
|
|
||
| if @user&.drupal_user&.status.zero? |
There was a problem hiding this comment.
Banned users have status code 0, right ? I got to know that from the tests. Just wanted to confirm this.
There was a problem hiding this comment.
This is a little different, this is our legacy drupal users status. We should check against status of just @user. But I believe that is correct, yes! And statuses should be synced but let's not rely on that as we are slowly working to remove drupal_user code in #2838
| end | ||
|
|
||
| if @user.nil? | ||
| flash[:warning] = "There is nobody in our system by that name, are you sure you have the right username?" |
There was a problem hiding this comment.
Generally sites don't tell this up. They just say "Invalid username or password".
There was a problem hiding this comment.
yeah, you can change it if you think that'd be best, good catch!
| return | ||
| end | ||
|
|
||
| params[:user_session][:username] = params[:openid] if params[:openid] # second runthrough must preserve username |
There was a problem hiding this comment.
I thought of simplifying these parts but I don't know internals of the system. So, I didn't touch them. Things which I changed, I commented about them. :)
There was a problem hiding this comment.
GREAT approach! As i mention below, we want to be conservative about refactoring the signup process.
|
OK, sounds like there are a couple spots you'd like to refine before merging this? Thanks so much!!! |
I can't agree more to this. I'll split this PR into multiple small patches by which it would be easier to catch bugs in whole process. But before doing that, just wanted to confirm if you agree with the following: |
|
Hmm, I think this is ok, though I do wonder about if the non mobile page is
slightly smoother with the drop-down... Are we able to have a separate page
just for mobile, even if it is still code duplication a bit?
Thank you for your consideration on this! I agree it'll make a big
difference for mobile users!
…On Fri, Nov 2, 2018, 6:54 PM Radhika Dua ***@***.*** wrote:
I know this is not as satisfying as more thorough refactor here, but our
login code is relatively critical, so we have to be careful, and not every
thing can be protected by tests.
OK, sounds like there are a couple spots you'd like to refine before
merging this? Thanks so much!!!
I can't agree more to this. I'll split this PR into multiple small patches
by which it would be easier to catch bugs in whole process. But before
doing that, just wanted to confirm if you agree with the following:
Also it involves some UI related changes. I removed the "Login" dropdown from the navigation bar. And clicking on "Login" redirects to login page. This removes up duplicate code and also has better UX for mobile users.
You can check it out at https://unstable.publiclab.org
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3879 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABfJxoIAHLgRwvYGp8epXn2OGVxG1o7ks5urM0AgaJpZM4YHFk2>
.
|
May be in future, we can create a modal for the login page ? So, on any page, clicking on "Login", will just open popup in which user will enter details and login. There won't be any separate login page. |
Fixes #3384
@jywarren I didn't have push access to
oauth-return-tobranch. That's why I pushed to new one in my forked repo.Reference: #3762