-
Notifications
You must be signed in to change notification settings - Fork 128
Fixes #4974 - Remove wantsauth dependency for setting FxA cookie #4998
Conversation
@@ -36,9 +36,8 @@ exports.HeadTemplate = class HeadTemplate extends React.Component { | |||
for (const locale of this.props.userLocales) { | |||
localeScripts.push(<script key={`l10n-${locale}`} src={this.props.staticLink(`/static/locales/${locale}.js`)} />); | |||
} | |||
const wantsAuth = !this.props.authenticated; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chenba Including you to review updated wantsAuth include criteria. With this change we will be loading wantsAuth on server only when deviceId doesn't exist
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We also don't want wantsAuth
when the user is already authenticated through FxA.
Rest of the changes in PR are I am keeping isOwner changes separate from this PR which need a new attribute added to shot and believe should be a separate PR. |
@@ -605,6 +611,7 @@ app.post("/api/login", function(req, res) { | |||
return sendParams.accountId = accountId; | |||
}).then((accountId) => { | |||
if (vars.ownershipCheck) { | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels unnecessary. 😃
}); | ||
|
||
app.get("/api/fxa-oauth/confirm-login", function(req, res, next) { | ||
app.get("/api/fxa-oauth/confirm-login", async function(req, res, next) { | ||
if (!req.deviceId) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't this if
stop what we're trying to do right away?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, maybe I'm confusing this particular PR with the overall goal of having FxA work without device id?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this check will change to include accountId with PR that allows shots access and authentications on non-Firefox browser
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cookie setting code looks ok. But we are not using that cookie value to prevent the loading of wantsAuth
. Is that being done in another issue?
No description provided.