Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: bypass 2FA when logging with email (VO-380) #1174

Merged
merged 1 commit into from
Feb 26, 2024
Merged

feat: bypass 2FA when logging with email (VO-380) #1174

merged 1 commit into from
Feb 26, 2024

Conversation

acezard
Copy link
Contributor

@acezard acezard commented Feb 20, 2024
edited
Loading

✨ Features

  • Do not use 2FA when already logging from an email link
  • Update cozy-client before merging

@acezard acezard force-pushed the feat--bypass-2FA-when-logging-with-email branch 2 times, most recently from ae83952 to 8adbbcb Compare February 20, 2024 15:04
Ldoppea
Ldoppea reviewed Feb 20, 2024
View reviewed changes
src/screens/login/LoginScreen.js Outdated

if (emailVerifiedCode) {
// We will use it at a later stage when starting the OAuth flow
emailVerifiedCodeRef.current = emailVerifiedCode
Copy link
Member

@Ldoppea Ldoppea Feb 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here I would suggest to put this data into the state object for two reasons.

First because the login state is already complex so I think it is better to keep it centralised

Second because, as for the other state's entries, we need to ensure it is correctly reset when login is canceled. This is done when calling setState({step: CLOUDERY_STEP}) (i.e. in the handleBackPress callback or in cancelLogin method). With your implementation the email verified code is not cleared and will be send to the next login attempt.

Also the email code can be set only in setInstanceData as MagicLink is already an email based mechanism and the OIDC is not an email based one, so none of them would receive an email code.
So I think that instead of using the useRef you can safely put the code in the setState at line 190 and retrieve it in the state destructuring at line 347.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@Ldoppea Ldoppea mentioned this pull request Feb 20, 2024
Merged
@Ldoppea
Copy link
Member

Ldoppea commented Feb 20, 2024

Related PRs:

@acezard acezard force-pushed the feat--bypass-2FA-when-logging-with-email branch 3 times, most recently from bc51a5f to 57397e6 Compare February 21, 2024 08:49
@acezard acezard requested a review from Ldoppea February 21, 2024 08:50
Ldoppea
Ldoppea reviewed Feb 23, 2024
View reviewed changes
src/screens/login/LoginScreen.js Outdated
async ({ instance, fqdn }) => {
/**
* Sets the instance data.
* @param {{ instance: Record<string, unknown>, fqdn: string }} instanceData - The first parameter object with `instance` as a record of string keys to unknown values, and `fqdn` as a string.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instance is supposed to be a string, did you find a case where it was something else? 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@acezard acezard requested a review from Ldoppea February 26, 2024 08:52
@acezard
feat: bypass 2FA when logging with email
6612ee5 
Using a react ref to store the param,
as to not disturb the existing flow.
cozy-client has been updated to use the new loginFlagship method.
Keep in mind this has not been deployed into prod stack-wise
at the time of this commit. The feature will not work with only
the front-end implementation here.
@acezard acezard force-pushed the feat--bypass-2FA-when-logging-with-email branch from 57397e6 to 6612ee5 Compare February 26, 2024 08:53
@acezard acezard merged commit 5099b39 into master Feb 26, 2024
1 check passed
@acezard acezard deleted the feat--bypass-2FA-when-logging-with-email branch February 26, 2024 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ldoppea Ldoppea Ldoppea approved these changes

@zatteo zatteo Awaiting requested review from zatteo zatteo is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@acezard @Ldoppea