[4.0] Correcting WebAuthn display in login menu item#32196
[4.0] Correcting WebAuthn display in login menu item#32196richard67 merged 3 commits intojoomla:4.0-devfrom
Conversation
infograf768
changed the title
|
@nikosdion |
nikosdion
left a comment
nikosdion
left a comment
There was a problem hiding this comment.
This PR breaks an important feature and needs to be changed before being considered for merging.
| <?php echo HTMLHelper::_('image', $button['image'], Text::_($button['tooltip'] ?? ''), [ | ||
| 'class' => 'icon', | ||
| ], true) ?> | ||
| <?php echo $button['image']; ?> |
There was a problem hiding this comment.
This change is wrong and I consider it a blocker to merging this PR.
The image parameter returned by additional login button plugins is NOT meant to be an absolute URL. It's supposed to provide a URL relative to the media folder which can be overridden in the template. That's why it goes through HTMLHelper::image.
This is an important feature to preserve. By going through HTMLHelper the site integrator can drop in an image in media/templates/site/YOUR_TEMPLATE/... to override the image used by the additional login button plugin. With your change it's no longer possible. The site integrator would have to core hack the plugin itself(!!!) to change the image or do other unholy things, like hiding the image with CSS and using some sort of ::before magic to render a different image. Not exactly what I'd call as easy or practical or even feasible as dropping a file in a folder.
If you have a problem with the image for WebAuthn not being displayed the solution would be to edit the WebAuthn plugin to send the correct relative path.
There was a problem hiding this comment.
I was sure there could be an issue. This was why I called you.
The problem lies in a double use of the htmlhelper.
Any proposal to help solving the issue in the plugin itself as it uses an inline SVG?
There was a problem hiding this comment.
The solution is practically screaming at you. The plugin (plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php) needs to be corrected in line 165. Instead of 'image' => $image, you need to do 'svg' => $image, Then revert the change you made in your PR in the components/com_users/tmpl/login/default_login.php file regarding the image parameter.
As you can see, if you pass an svg parameter it's output verbatim. @brianteeman added that on January 2nd exactly so that you can use inline SVG files. The same code needs to be copied to modules/mod_login/tmpl/default.php and administrator/modules/mod_login/tmpl/default.php.
If you look at what's going on, using Git blame, you will see that my original contribution only had a provision for going through HTMLHelper::image. The inline SVG came later and, frankly, the lack of direction or understanding of where that code comes from (nobody heard of Git blame?) led to some code being partially there, some code being modified without ever working (AND MERGED! WTF!) and the three files I had carefully modified to implement additional login buttons are now all out of sync, each one working in a different and mutually incompatible way. Little wonder shit's broken all over the place, don't you bloody think?!!!
The PRs which made these changes should have never been merged. If anyone had looked at them they'd have figured out why. Instead, they got two ostensibly successful tests — even when the first test in this PR clearly demonstrated why these tests mean sod all in practice, as I've been saying for years — and someone with commit rights mashed that green GitHub merge button without thinking and of course without being held accountable. What are you doing @wilsonge @HLeithner ? Are you still running this project or is your role confined to applying major changes after beta 6? This is a serious question. If you think that Joomla's problem is whether it ships with BS4 or BS5 but not whether it actually, dunno, bloody works consistently or even at all then I think that your priorities are misaligned with the priorities of the people who actually try to use the darned product.
There was a problem hiding this comment.
what have I done wrong this time. afaict my only involvement was to fix where a pr had been applied in one place but not another
There was a problem hiding this comment.
@brianteeman Your PR was the only thing that wasn't broken. Another commit removed the code that was applied elsewhere. Yet another one broke the plugin to begin with. Your code is the last remaining example of the correct approach (use a different key for inline SVG) and should be copied over in the other two places.
There was a problem hiding this comment.
I had tested already changing image to svg in the plugin and not modifying the default_login.php
In that case. it was working OK for the menu item but I lost the image in the login module.
I did not think about adding the svg conditional in the modules. :)
Modifying PR now.
Thanks for the hint.
| <div class="controls"> | ||
| <button type="button" | ||
| class="btn btn-secondary <?php echo $button['class'] ?? '' ?>" | ||
| class="btn btn-secondary w-100 <?php echo $button['class'] ?? '' ?>" |
There was a problem hiding this comment.
This change is OK with me. If a third party plugin needs to override the width it can do so with CSS.
|
I have tested this item ✅ successfully on 6cd62f7 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32196. |
|
@ceford Please withdraw your successful test because it's misleading. The PR as is fixes the form but breaks important functionality as I've written in my review of the PR in #32196 Please do not limit your source of information to the Joomla issue tracker site. It doesn't convey the entire picture (and really has no reason of existence, but that's another discussion for another day). |
|
I have not tested this item. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32196. |
|
@N6REJ |
|
@nikosdion @ceford Please test again |
|
It works as before for me - and I did read the discussion this time. However, being of a nervous disposition, I will wait for @nikosdion approval before pressing the pass button. |
@ceford No need to be nervous. If your test was successful, press the button. If it later turns out it was a mistake, that can happen. It happens to me, too sometimes. But that should not make us scared from further testing. I'm not sure if Nik will report back when all is ok now. |
|
I have tested this item ✅ successfully on 85c9df0 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32196. |
nikosdion
left a comment
nikosdion
left a comment
There was a problem hiding this comment.
Perfect! The code is consistent, elegant and (mostly) self-documenting. The original intent is preserved. The inline SVG implementation intent is restored. Things work. Well done!
|
@richard67 I always comment when I ask someone to fix something and they do. Just not on Sundays, man. |
|
I have tested this item ✅ successfully on 85c9df0 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32196. |
|
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32196. |
@nikosdion Yes, and thanks for that. I haven't said you won't comment for sure, I just have said that it might not happen. I had the feeling @ceford was discouraged from marking his test result, and I wanted to encourage him again. |
|
Thanks! |
7 participants
Pull Request for Issue #32182
Summary of Changes
#31545 forgot to modify com_users login default_login tmpl and login modules
Testing Instructions
Set webautn to display when login.
Create a login menu item.
Actual result BEFORE applying this Pull Request
Expected result AFTER applying this Pull Request
Note
This PR does not solve the tooltip display in the menu as well as in the login module
PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the W3C Web Authentication (WebAuthn) standard in compatible browsers. You need to have already set up WebAuthn authentication in your user profile."