Create "You've created your [x] authentication method!" page#6111
Create "You've created your [x] authentication method!" page#6111
Conversation
config/routes.rb
Outdated
There was a problem hiding this comment.
For consistency with other routes, can we replace - with _ ?
| get '/auth-method-confirmation' => 'mfa_confirmation#index' | |
| get '/auth_method_confirmation' => 'mfa_confirmation#index' |
There was a problem hiding this comment.
Not sure if it's just because draft, but noting that we should probably want a unique title here from "Confirm the password for your account" ?
590592c to
2502e5b
Compare
zachmargolis
left a comment
There was a problem hiding this comment.
Left some ideas to increase code coverage to get around the error
There was a problem hiding this comment.
this method is marked as not covered by code coverage, and I'm not seeing it used anywhere in the diff, can we remove it?
config/routes.rb
Outdated
There was a problem hiding this comment.
Looks like this method was added but here and so was the template, but I'm not seeing it in the diff. Can we add a stub for it like this?
There was a problem hiding this comment.
so add that stub to the mfa_confirmation_controller.rb file? If so, that makes sense.
There was a problem hiding this comment.
This would also be where we could add a check to not render in production if we want to prevent it from being available there
There was a problem hiding this comment.
this template was added but I'm not seeing any tests that call it. WDYT of adding a very simple view spec for it?
2502e5b to
8a649ef
Compare
| if IdentityConfig.store.select_multiple_mfa_options | ||
| auth_method_confirmation_url | ||
| else | ||
| render :file => "views/mfa_confirmation/new.html.erb", :layout => true, :status => 302 |
There was a problem hiding this comment.
How come this is a 302 status (usually a redirect?) but it's rendering instead of redirecting?
Also can we use new-style hashes render file: "abc/def", layout: true if possible?
There was a problem hiding this comment.
yeah, I thought redirecting would cause it not render, but I was wrong. Instead, we are going to put a flag on that route.
6deeeeb to
f678d19
Compare
|
|
||
| <%= render 'shared/cancel', link: destroy_user_session_path %> | ||
|
|
||
| <%= link_to t('account_reset.cancel_request.cancel'), root_url %> |
ef1c809 to
0d12668
Compare
config/routes.rb
Outdated
There was a problem hiding this comment.
A few thoughts on this route and associated controller:
MfaConfirmationControllerseems to be primarily concerned with the "reauthn" (password reentry) behavior, not with MFA setup, where MFA setup is split acrossTwoFactorAuthenticationSetupControllerand ad-hoc controllers. I might wonder if this should be a separate controller, or part ofTwoFactorAuthenticationSetupController?- While we're not entirely consistent about it, I usually prefer when the route aligns to the controller name, since it makes it easier for me to backtrack from a URL to its associated controller.
- To me,
#indeximplies some sort of listing, or at least an entry-point of a controller, where this is more like a confirmation screen.
Depending on how this feature evolves, I suppose this view would probably be the rendered result of, for example, TwoFactorAuthenticationSetupController#create ? With that in mind, it could be fine if it's expected to be temporary, though we may be able to save some future effort by implementing it closer to where we expect it to be eventually used.
There was a problem hiding this comment.
- I think we are going in the direction of using the
TwoFactorAuthenticationSetupControllerto set up the MFA prototype. In fact, work for setup in that controller is being done in a separate ticket - I think the plan is to have the route and controller to reflect its new functionality. This might be in the form of changing the name of
TwoFactorAuthenticationSetupControllerand any routes associated with it. - By the look of it, it can be changed to a
#show. I can address that part now. There is no logic associated with this page right now, so that will be easy.
I anticipate that we will have additional changes to routes and controllers. There are a few things to think through to make it sound, but I think that is a little further down the road.
There was a problem hiding this comment.
That all sounds good to me! 👍
changelog: Improvements, Feature, Add interstitial confirmation page
0d12668 to
1fdcc60
Compare

This PR creates the confirmation page that will inform the user that they have successfully set up one of their selected MFA methods.
Notes: