Source Interface Redesign Omnibus

[eaon]

Status

Ready for review

Description of Changes

Refactoring towards #6211 - changes in this PR are primarily visual, the vast majority of the interaction stays the same.

• source.sass is dead, long live source.sass

  A complete rewrite of source.sass, plus quite a bit of the templates as well. So we're separating the source interface and journalist interface (temporarily?) to not break the JI while refreshing the SI according to Nina's specs

• Refactor locale menu

  The menu for locale selection has a lot of unused complex crud we don't need to make it look/work the way it does. Less stuff to wrangle: good!

• Reuse flash message template, supporting "declarative" and icon only messages

  In the future, every flash message ought to have a declarative heading added to it, this change makes that less cumbersome to add in the future once we found the right language. Also: bring flash message categories closer to SI redesign terminology

• Change codename widget UI, and keep it in its own template

  The codename widget should look and work the same in both places where it is being served.

  Regarding the implementation, we're emulating a checkbox visually using ::before pseudo-elements with a label, while the actual checkbox input state is used to show/hide the codename, necessitating that it precedes the codename and label in HTML. (Similar to the locale menu implementation)

• Use descriptive/semantic variables for all use of colors

  Any time a color is used, use a variable that describes the context of its use rather than the color itself. (Distant future possibilities: can help us implement dark mode or - more controversially - allow very simple white label design features beyond just replacing the logo.)

• Switch out icons

  Nina designed some icons for us, and changed some others. Material Design based icons live in their own folder with their own README, referencing the license, plus the SVG files have a comment with an SPDX short identifier.

  There's a lot of files which haven't been used in a long while, so this PR includes a first attempt at cleaning those up, but there's more left to do (font-awesome icons are barely used, make a good candidate for getting cut).

  The new icons are monochrome. This isn't primarily a space-saving measure, but it enables color tweaks by using them as mask-images. Similarly, there's a couple of instances in which there's "negative" icons, where a white image foreground sits on top of a CSS background-color.

  SVG files of these icons are versioned in case images need to be replaced, but SVG rendering is disabled in Tor Browser's "Safest" mode, so they're not directly used in the UI.

• Refactor JS browser warnings

  • Orfox no longer exists, it's now called Tor Browser for Android
  • Update Tor Browser for Android UA regex
  • Removed dead JS
  • Removed dependency on font-awesome icon
  • Removed animations - there's no other animations in the source interface and adds very little value - if we want animations back, I'd suggest implementing them as much as possible with CSS

• Tab focus changes

  Make sure that tab focus is properly visible and works like we want to even on input elements in which what we actually interact with is the label (codename widget & locale menu)

• Add most recent logo - colors were tweaked!

• RTL support

  While RTL support is already present in SD, some of the details weren't quite right. This should flip all relevant UI elements including the codename widget & locale menu.

• Revise button order

  Button order for regular actions is: [ Escape ] [ Action ], where [ Action ] is "solid" / attention-grabbing

  For destructive actions this is reversed: [ Destructive Action ] [ Escape ], and [ Escape ] is "solid"

Testing

Design

• The "Product Colors" logo from Figma is used (colors "pop" more than before)

• Using the latest Tor Browser, nothing shows up distorted, overlaps when it obviously should not, or jumps unexpectedly (on hover, focus, or click)

  • Expected jump: If the codename is long enough to be broken up in two lines, the widget will expand to accommodate two lines instead of one
  • Linux
  • Windows
  • Mac

• Basic liquid layout works

  • Resize browser window for a viewport size smaller than 800px (Tor Browser changes viewport in 100px increments):
    • Index page: "First submission" and "Return visit" on index page sit on top of each other instead of next to each other
    • Everywhere: Logo/locale sits on top of the main content instead of being in a column to the left (right in rtl languages)
    • "Skip to main content" and "Skip to notification" links (that only appear when tabbing through the page) show up above the logo without any content jumping

• The codename widget "weeble" icon is always vertically centered, even when the codename is long enough for a line break

UX

• Button order for regular actions is: [ Cancel ] [ Action ]
• Button order for destructive actions (replies): [ Destructive Action ] [ Cancel ]
• When the locale menu is visible, it shows creates a margin under the menu making the shadow of the menu visible even in pages that would otherwise be too short

Accessibility

• Use the entire workflow of the SI by keyboard only

  • Links can be clicked and forms submitted by pressing return
  • [ ] Show Codename widget checkbox can be interacted with by pressing the spacebar
  • "Skip to main content" link appears on all pages (except the index page)
  • "Skip to notification" link appears on pages which show a notification (except the index page)
  • The logo does not jump when the "Skip to …" links appear

• Items in (tab rather than mouse) focus show a 3 pixel big cyan border, text inputs a light blue border

• Buttons "grow" a border on hover

Screen reader based tests TBD

I18n

• Right-to-left languages (currently only Arabic)

  • Flips the column order
  • Codename stays left-to-right because it's currently English-only
  • Shadow of codename widget "leans" to the left
  • Icons (flash messages, weeble in codename widget and login form) are shown on the right
  • Checkbox in the codename widget is shown on the right side of the text
  • Date/time and trash cans for deletion of replies are shown on the left

• Arabic specifics

  • Arabic does not have any letter spacing applied
  • Codename (which uses an English word list) but has letter spacing applied

Staging

• Verify that all templates are accessible to Apache
• Verify that all images loaded by CSS and HTML are accessible to Apache

Demo site usage

• UI renders the same on Browsers other than Firefox/Tor Browser
  • Chrome/Chromium
  • Safari
  • Edge

Checklist

• Linting (make lint) and tests (make test) pass in the development container
• I have updated AppArmor rules to include the change
• I have written a test plan and validated it for this PR
• I would appreciate help with the documentation

Known issues

• In Tor Browser/Firefox, zoom at certain sizes (but at least 120% to 150%) slightly distorts the icon of the info box underneath "Read Replies" on /lookup

Comments

The most unusual (and arguably impactful) choice I made in this change (other than to opt for refactoring in the first place) is avoiding adding to HTML whenever possible/reasonable, instead of following BEM or a similar methodology. This intentional, as BEM duplicates a lot of information already implicitly present in HTML, while not providing us with enough benefits for our (web-tech wise rather niche) use case. Onion services bandwidth can be incredibly limited at times, which steers me away from redundant HTML especially because SecureDrop's frontend wouldn't benefit much (at all?) of moving to more discrete components. The main downside is that there are a few uses of complex CSS selectors that aren't particularly friendly to developers that don't do a lot of frontend design work (especially if/when Sass gets removed as would be my preference), but it is far from overwhelming because the SI doesn't have that many different screens to begin with.

[eloquence]

Took a quick first spin, coming together really nicely! A few quick notes from my end:

• I would prefer to keep the logo tweaks out of scope for now; we didn't discuss it at length, and we'd have to update in multiple places and ensure it's available for third party use.
• The codename widget looks great. I'll note that it does wrap codenames a lot more frequently than the old one. When it wraps it takes up a lot of space, and might also induce more copy/paste errors.
• The codename, "show passphrase" widget and "Continue" button are currently stacked very closely together. Figma has a bit more whitespace at the bottom; I'd also appreciate @tina-ux's eye on this.
  

[eaon]

• Logo: 👍 you got it
• Codename widget wrapping: Yes, agreed. I was mulling over this a bit, in part it's a side effect of slightly different/more consistent spacing of the layout, but that bothered me too. Will revisit/adjust.
• "Show [Codename|Passphrase]" / Continue button spacing: totally a late-rebase oversight on my part, will take care of that too

[eaon]

Feedback incorporated

[legoktm]

Overall testing went well, no issues with functionality. I left inline comments about possible localization issues.

It somewhat bothers me that the shape/size redacted version of the codename doesn't actually match the underlying codename. I don't know how hard it would be to implement that though.

[legoktm]

Did you test if this pattern works with the pybabel extractor? IIRC it scans the Python source code looking for gettext() function calls.

[legoktm]

Specifically see https://github.com/python-babel/babel/blob/61109c4bd4d60a79d7cb5f216a8286ddff6fb30b/babel/messages/extract.py#L31 - I think we'd need a custom extractor if we want to support more function names.

[eaon]

You're totally correct, I was overly optimistic/absent minded about pybabel. Changed the helper function and returned to the gettext() calls

[legoktm]

I think this might be a pre-existing problem, but these variable names/colors are kind of useless to me because I would have no clue when to use cerulean vs cyan vs grimace blue, you get the idea.

I like what the Wikimedia Style Guide does with Red90, Red50, Red30, etc.: https://design.wikimedia.org/style-guide/visual-style_colors.html and https://design.wikimedia.org/style-guide/resources/WikimediaUI_color_palette.svg

[zenmonkeykstop]

My kneejerk reaction to this was "absolutely, and functional descriptions would be even better", but looking ahead in _source_vars.sass, the actual variables using these colors are pretty well-named, and those vars are what actually get used. (I don't know if this modifies your postion at all).

[eaon]

Yep, the color names are partially inherited, some are taken from Figma, some are new because they haven't had a name assigned but popped up often enough (for what it's worth it might be cool to introduce them in Figma as well but I'm better at reading Figma than changing stuff on there). source.sass should never reference those colors directly (which is what "local referencing" is intended to convey - maybe I should expand the comment?)

My general preference would be that developers wouldn't make the (final) choice for what color is used where. Ideally @tina-ux would be involved in the process before implementation happens, but even if that's not possible, a descriptive variable name should be used in source.sass and the final color can be adjusted later on. Does that make sense?

[zenmonkeykstop]

Stepped through source flow in a staging environment, looks great, notes as follows:

• no issues with apparmor denies, but comparing the profile to what's installed shows some deleted resources still listed (mostly not introduced by this PR)
• (personal pref) the explanatory reply text is pretty tiny for me on Debian 11 and TBB, I don't see the rationale in having it be 3 points smaller than other page text.

With fixes requested by other reviewers and tweaks to the Apache apparmor profile, this looks good to go!

[zenmonkeykstop]

file was deleted, not needed in apparmor profile anymore. (also journalist_templates/delete.html was removed in 2.3.0, tho strictly speaking not in scope for this PR)

[zenmonkeykstop]

not introduced in this release, but looks like this and static/css/normalize.css has been gone for a long time!

[zenmonkeykstop]

cssmin was removed in #4227 so these are no longer present.

[eaon]

the explanatory reply text is pretty tiny for me on Debian 11 and TBB

As far as I remember, there's two parts to this, though the second one I recalled from memory so take that with a grain of salt:

• Upcoming language changes - keeping the mental load for sources low by providing them with clearer but simpler instructions
• If you compare it with the full-redesign mockup (warning: outdated language there), the size feels more appropriate IMO - that too is (IIRC) a form of lowering the mental load but with design instead - while still highlighting good practice, we're toning down the scary stuff.

@tina-ux what do you think, as a sort of in-between stage, is it more appropriate to adapt font-sizes a tad?

As for your requested changes, I updated the AppArmor profile accordingly 🙂

[eaon]

Checked in with Tina and decided to increase the font size of the reply info note by 2 pixels!

[codecov-commenter]

Codecov Report

Merging #6315 (15d0241) into develop (f0dd9a8) will decrease coverage by 0.22%.
The diff coverage is 92.85%.

@@             Coverage Diff             @@
##           develop    #6315      +/-   ##
===========================================
- Coverage    84.02%   83.79%   -0.23%     
===========================================
  Files           61       62       +1     
  Lines         4312     4320       +8     
  Branches       524      525       +1     
===========================================
- Hits          3623     3620       -3     
- Misses         565      575      +10     
- Partials       124      125       +1     

Impacted Files	Coverage Δ
securedrop/source_app/main.py	92.75% <90.47%> (-0.49%)	⬇️
securedrop/source_app/utils.py	93.22% <100.00%> (+0.11%)	⬆️
...versions/3d91d6948753_create_source_uuid_column.py	42.85% <0.00%> (-2.60%)	⬇️
securedrop/encryption.py	89.43% <0.00%> (-0.80%)	⬇️
...ns/b7f98cfd6a70_make_filesystem_id_non_nullable.py	44.44% <0.00%> (ø)

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[zenmonkeykstop]

Thanks @eaon and @tina-ux, apparmor and UX changes look good!

[legoktm]

I only tested in dev and not staging, but everything LGTM otherwise!