Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Fixes #5185 - Access settings page directly from url #5207

Merged
merged 1 commit into from
Nov 21, 2018
Merged

Fixes #5185 - Access settings page directly from url #5207

merged 1 commit into from
Nov 21, 2018

Conversation

punamdahiya
Copy link
Contributor

No description provided.

@punamdahiya
Copy link
Contributor Author

As discussed #5185 (comment) , for now if a user access /settings from url without signin, we are redirecting user to homepage.
Fix involves
a) removing explicit check for deviceId and accountId before showing settings page
b) redirect user to home page if user is not signed into FxA for both firefox and non-firefox browsers
c) Leaving accountInfo null handling by showing below signin page on settings view.js after removing sync messaging.
settings-minimal-signin

ianb
ianb suggested changes Nov 20, 2018
View reviewed changes
Copy link
Contributor

@ianb ianb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A little test change. I'm also a little unclear on the reason for removing the CTA for signing in.

test/server/test_responses.py Outdated
@@ -45,7 +45,7 @@ def test_settings_page_requires_auth():
user = ScreenshotsClient()

resp = requests.get(urljoin(user.backend, "/settings"))
assert resp.status_code == 403
assert resp.status_code == 200
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should change this test to confirm that the response was redirected (otherwise the test no longer really tests anything, i.e., doesn't test authentication logic). This is a response object and an be checked for resp.is_redirect or probably better would be to check resp.url == user.backend + "/"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

server/src/pages/settings/view.js
@@ -75,20 +75,12 @@ class Body extends React.Component {
<Localized id="settingsGuestAccountMessage">
<p className="title">Guest Account</p>
</Localized>
<Localized id="settingsSignInInvite">
<p className="info">Sign in to sync across devices</p>
</Localized>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't seem right to me that we are removing these...? Don't we still want to display these messages to people who aren't logged in via FxA?

Copy link
Contributor Author

@punamdahiya punamdahiya Nov 20, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are redirecting user to homepage when a user doesn't have accountId cookie set.

This block of code shows only if accountInfo is null that is querying db for the accountId doesn't return any record.
If needed for this edge case, we can keep the strings with word sync removed from messaging.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to bring string back after removing sync mesaging

Settings page with no account Info
minimal-signin-connect

Settings page with account Info
settings-disconnect

@punamdahiya
Copy link
Contributor Author

Including @flodolo to review string changes. Thanks!

@punamdahiya punamdahiya merged commit f7b7223 into mozilla-services:master Nov 21, 2018
@SoftVision-CosminMuntean SoftVision-CosminMuntean mentioned this pull request Nov 23, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ianb ianb ianb approved these changes

@flodolo flodolo flodolo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@punamdahiya @ianb @flodolo