[Wallet] Pin Setup Flow v2 #1054
Conversation
Fix Send screen tab nav Add saga tests for account
jmrossy
requested review from
jeanregisser,
martinvol,
cmcewen,
Pedro-vk and
annakaz
| @@ -133,7 +131,10 @@ export class JoinCelo extends React.Component<Props, State> { | |||
| } | |||
|
|
|||
| nextScreen = () => { | |||
| const nextScreen = this.props.pincodeSet ? Screens.EnterInviteCode : Screens.Pincode | |||
| const nextScreen = | |||
| this.props.pincodeType === PincodeType.Unset | |||
There was a problem hiding this comment.
Not completely sure, but I think here you have an edge case when the user does the onboarding flow and then disables the security of their phone (think likely to happen with people that only set up the PIN to use the app). It probably won't explicitly fail here but when they try to send a transaction getPinFromKeystore will just throw an error.
So I'd suggest checking every time ConfirmDeviceCredentials.isDeviceSecure(), specially when sending a transaction.
There was a problem hiding this comment.
Did you mean this as a general point or something specific to this line? Because it seems unrelated to the JoinCelo page.
In the case where the user removes phone security after onboarding with it, throwing an error in getPinFromKeystore seems like the right thing to do. Is there an alternative you'd suggest?
There was a problem hiding this comment.
As a general point I meant.
Yeah, getting getPinFromKeystore to throw an error is the right call but I think it should be catched so the user can get redirected to the education screen again (maybe with a slightly different copy).
There was a problem hiding this comment.
Currently, if getPinFromKeystore throws an error (of any kind), then unlockAccount will catch it, causing getConnectedUnlockedAccount to then throw an IncorrectPin error. I agree it would be good to differentiate incorrect pin from missing phone auth but IIUC it would require modifying everywhere that getConnectedUnlockedAccount is used to handle that error case. Not too bad but still a bit out of scope for this PR I think. WDYT?
| @@ -109,6 +108,9 @@ export const TabNavigator = createBottomTabNavigator( | |||
| tabBarOnPress: () => { | |||
| navigate(Stacks.SendStack) | |||
| }, | |||
| tabBarOnLongPress: () => { | |||
| navigate(Stacks.SendStack) | |||
| if ( | ||
| pincodeCache.pincode && | ||
| pincodeCache.timestamp && | ||
| Date.now() - pincodeCache.timestamp < PIN_TIMEOUT |
There was a problem hiding this comment.
nit: this could be bypassed by changing the system time. Would be better to use a monotonic clock. https://stackoverflow.com/questions/7272395/monotonically-increasing-time-in-javascript
There was a problem hiding this comment.
Will add a TODO for this
| @@ -31,4 +32,17 @@ describe('Redux persist migrations', () => { | |||
| const migratedSchema = migrations[1](v0Stub) | |||
| expect(migratedSchema.app.language).toEqual('es-419') | |||
| }) | |||
|
|
|||
| it('work for v1 to v2', () => { | |||
| const defaultSchema = getLatestSchema() | |||
There was a problem hiding this comment.
It looks like it should take v1Schema here instead.
There was a problem hiding this comment.
Fixed in this and the other tests :)
| ...state, | ||
| account: { | ||
| ...state.account, | ||
| pincodeType: state.account.pincodeSet ? PincodeType.PhoneAuth : PincodeType.Unset, |
There was a problem hiding this comment.
Though it's harmless, we should clean up the old property by adding pincodeSet: undefined.
| <View style={style.row}> | ||
| {props.showDecimal ? ( | ||
| <Touchable borderless={true} onPress={props.onDecimalPress}> | ||
| <Text style={style.digit}>.</Text> |
There was a problem hiding this comment.
This will be incorrect for some locales.
There was a problem hiding this comment.
Yep, I haven't i18n'ed this yet, will add a TODO
| ) | ||
| } | ||
|
|
||
| export default function NumberKeypad(props: Props) { |
There was a problem hiding this comment.
I usually don't like custom keyboards as they break my expectations (can't use integration with password managers, or swipe style input).
Sure we really want our own? I understand it's for security reasons, but if the system keyboard is compromised I'm not entirely convinced a custom keypad will actually prevent much.
There was a problem hiding this comment.
Also, do custom keyboards have any trouble on low end phones?
There was a problem hiding this comment.
A lot of apps use custom keyboards for digits because the android numeric keyboard type varies so much across different phone vendors. And many look terrible.
@annakaz not sure why this component would cause problems on low end phones. If anything the experience is better because the component doesn't resize/redraw as the keyboard pops in and out
Codecov Report
@@ Coverage Diff @@
## master #1054 +/- ##
=========================================
- Coverage 66.94% 66.45% -0.5%
=========================================
Files 252 256 +4
Lines 7322 7349 +27
Branches 415 424 +9
=========================================
- Hits 4902 4884 -18
- Misses 2334 2377 +43
- Partials 86 88 +2
Continue to review full report at Codecov.
|
jmrossy
force-pushed
the
rossy/wa-security-choice
branch
from
adfa903 to
0174b74
Compare
* master: (61 commits) Remove locales as website is now just in English (#1050) Add MetadataURL to account struct (#1103) Allow validators to use any valid combination of gold commitments as stake (#885) Fix blockscout websocket jsonrpc url (#1096) [Wallet] Preliminary iOS support (#1098) [Wallet] Set security fee description translation in Spanish (#1097) Exclude generated in vscode file watcher setting (#1082) Update .env and .env.integration files (#1087) Allow a testnet to run without ethstats (#1085) Collect exchange rate time series using notification service (#1020) Return to preview view when Fee Education is closed (#1068) [Wallet] Pin Setup Flow v2 (#1054) Added a variable for electoral threshold (#1023) [celotool]Store .env config on GCS after deployment (#1086) Group size limit (#1035) Fix governance unit tests (#1084) Add getExchangeRate to ContractKit (#1083) [CLI]Unlock till the geth exits (#1070) Add Quorum and Refactor Governance (#430) Shuffle elected validators using block randomness (#1033) ...
Description
pincodeTypeTested
Ran through onboarding flow using both phone auth and custom pin
Sent a tx using both phone auth and custom pin
navigated to send flow
Related issues
Backwards compatibility
Yes but I needed to add a redux migration