frontend password change functionality #57
Conversation
|
Hey @diddledan, thanks for this! (Cc @JocelynDelalande as he started reviewing this on Shout) However, I see that maaaassive diff, I'm a bit scared considering the feature. In particular:
I believe once we clean this up a bit it will be much easier to review :-) |
astorije
added
the
Type: Feature
astorije
added
the
Type: Security
| <input class="input" type="password" name="old_password" placeholder="Enter current password"> | ||
| </div> | ||
| <div class="col-sm-12"> | ||
| <label aria-label="Enter desired new password"> |
|
Thanks for careful review (I have to admit reviewing latest commits, I focused on UI), I got my +1 a bit too early on shout project, there is still work to be done, obviously @diddledan be brave ;-) |
lucyllewy
force-pushed
the
frontend-password-change
branch
from
237a0e8 to
f327a4f
Compare
|
the replaced/upgraded bootstrap was done to add alert-box functionality which was missing from the previous bundle. |
|
Updating bootstrap shouldn't be part of your PR. As for alerts, I'm not fond of how alerts look in bootstrap, maybe using a separate library for the task would be better? http://kamranahmed.info/toast Having some alerts like that will come in handy later on when we will handle IRC errors and disconnections (e.g. show an alert when you get disconnected from a network) |
Depends. As it's motivated, I would be okay with that update to be part of that PR, what do others think ? BS is (trying to) follow semver, so this version jump is supposed to be backward compatible.
BS alerts are fine IMHO (I didn't said it's the best), it will still be time to rework alerts later, let's not make things too hard for this PR or it may never make it to master. |
In that case, can we get alerts added to the current bootstrap version to use? Would make for a simpler diff. |
|
I think it should be its own PR, or at least a separate commit |
|
First of all, @diddledan, this is great. I do believe it is not ready at the moment, but I am strongly in favor and will make sure we can get this to a mergeable state.
I do not agree with this. Such an upgrade requires testing and therefore should be isolated. As a matter of fact, I noticed the following bug:
This bug might not be the upgrade itself, but again by cumulating upgrades, refactors and features, it's very hard for us (at least for me) to see what's wrong in a PR with 1200+ changes. And while this PR does upgrade Bootstrap from 3.2 to 3.5, as @xPaw stated, it also adds components that were removed using Bootstrap's customized builds, making things a bit harder. As a matter of fact, if the extra 1k changes are simply to add that dismissible alert-box to display success/failure, I'd say we are doing something wrong.
@diddledan, a few other things:
That's all I got for now, but I will come back with more once we get to a smaller diff. Keep up the good work, that's a great start! |
|
Thx to everyone for involvement :-) @astorije showed that bootstrap adhesion to semver rule "no breaking change between two minors" is quite loose, so better be cautious.
It turns out that there is no need to update bootstrap to get the alerts, it seems to have been present for a while. Not to over-grow the scope of the PR, nor introduce breaking changes, I'd suggest the following :
@xPaw @astorije @diddledan ok with that ?
I agree with your 2 stages approach : doing "best-effort" with what we have here, keeping it simple, and designing propper notification later, with global thinking. |
Not strongly opinionated on this point. But I'm ok with the proposal to slip it into settings if others are, as it's a common practice, I think users will find it. |
I understand alerts have been removed for this very version of Bootstrap 3.2 we are shipping, using the customized build form I have mentioned earlier, which is why @diddledan added them, and which is why I am suggesting a dumb
I am not ok with this. As said, it's a bigger change that will impact the rest of the features and define some new UI, so it should not be decided as a side-effect of this. Really the |
Hm I think there is something I don't understand, let's state what I understand, and stop me where I'm wrong :
|
Correct.
We can, but should not as stated above. |
lucyllewy
force-pushed
the
frontend-password-change
branch
from
f327a4f to
c3d99a1
Compare
|
I've reverted the bootstrap, replaced the alerts with the |
| @@ -265,6 +265,36 @@ <h1 class="title">Settings</h1> | |||
| Enable notification for all messages | |||
| </label> | |||
| </div> | |||
| <% if (!public) { %> | |||
| <div id="change-password"> | |||
| <form action=""> | |||
Now that's a much nicer diff, I'll do a review when I am outside of work :-) ... Buuuuuut you are going to hate me if not already :-)
Again, will make a bigger review later :-) |
| @@ -1,4 +1,4 @@ | |||
| <!doctype html> | |||
| <!doctype html> | |||
There was a problem hiding this comment.
what changed exactly here ? is it github tripping ?
There was a problem hiding this comment.
it looks like I accidentally saved the file with a UTF-8 BOM identifier. I'll try to remove it in a mo
lucyllewy
force-pushed
the
frontend-password-change
branch
from
c3d99a1 to
e370bdd
Compare
| @@ -46,18 +45,20 @@ var inputs = [ | |||
| "quit", | |||
| "raw", | |||
| "services", | |||
| "setpass", | |||
|
Here's a question: Should the token be re-generated when the password is changed? This would invalidate all sessions, and require them to re-login (re-send new token to current session) with the new password the next time they try to use your account. |
|
@xPaw, while I fully agree with you, here are my 2 cents:
@diddledan, would you mind rebasing with master and fixing what was given in comments (CSS class, Thanks a lot for this, and hang in there, it's getting super close! |
That might be worth looking into. |
lucyllewy
force-pushed
the
frontend-password-change
branch
from
94f1ac6 to
9d6a262
Compare
|
I believe I've fixed all the issues most-recently raised (sr-only labels, extra "setpass" autocomplete reference now removed, and class names/styles) I've also rebased against master |
| @@ -734,7 +759,7 @@ $(function() { | |||
| }); | |||
|
|
|||
| var windows = $("#windows"); | |||
| var forms = $("#sign-in, #connect"); | |||
| var forms = $("#sign-in, #connect, #change-password"); | |||
There was a problem hiding this comment.
[Off-topic of this PR]
I have no idea what's going on here, but this seems fishy. We might want to look into it and its usefulness when we clean up that file.
There was a problem hiding this comment.
AFAICT this is used to wire-up the on-submit event handlers on each of the three elements with those IDs, which happen to be <form> elements (the elements are selected separately as there's commas between each ID, and therefore will return a JQuery object referencing each of the elements with IDs sign-in, connect, and change-password). The event handler we wire-up onto this resultant set of elements calls event.preventDefault() which stops the form submittal from reloading the page. The form is submitted through the websocket or XHR instead?
|
Hi @diddledan, When I'm trying to change the password now, I get no success or error message, could you take a look? :-/ Not that it will hold off my +1, but I left you a comment in I should be all set after that :-) |
|
@YaManicKill, do you mind taking second review after @diddledan has fixed what's currently broken? |
|
Yeah, I'll take a look in the next day or 2. |
|
Ok, then I think the next minor release (maybe tonight if I have time) will get out without this then. Hopefully @diddledan gets some spare time to put the final touch to this before the next next minor release gets out :-) |
- refactor clientManager.js to allow configuration parsing as a serparate
function.
- refactor clientManager.js to add configuration writing function.
- add server.js changes to allow for new password-change functionality
- add password change ui to "settings" screen
- refactor client.js to use new clientManager functionality for saving
the configuration files
lucyllewy
force-pushed
the
frontend-password-change
branch
from
9d6a262 to
b79a918
Compare
|
Alright, excellent work @diddledan, I am finally 👍 Off to a second review now, I don't think it should be blocking as other folks have already taken a look at it! |
|
Looks fine to me code wise. |
|
Yep, I think we finally can merge this one. 👍 👏 |
frontend password change functionality
|
Thaaaat is nice, thanks everyone :-), and congrats @diddledan ! |
function.
the configuration files
duplicates erming/shout#506