Page MenuHomePhabricator

[lib][web] Update condition for Redux state reset in SET_NEW_SESSION reducers
ClosedPublic

Authored by ashoat on Mar 3 2024, 9:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 5:04 AM
Unknown Object (File)
Tue, Nov 12, 3:42 AM
Unknown Object (File)
Thu, Nov 7, 3:32 PM
Unknown Object (File)
Tue, Oct 29, 9:48 AM
Unknown Object (File)
Oct 15 2024, 3:16 AM
Unknown Object (File)
Oct 10 2024, 2:36 PM
Unknown Object (File)
Oct 4 2024, 2:46 AM
Unknown Object (File)
Oct 4 2024, 2:46 AM
Subscribers

Details

Summary

We have some logic in reducers to special-case SET_NEW_SESSION when a cookie is invalidated.

This diff introduces three changes:

  1. Now that we have authoritativeKeyserverID, I figured we should check it. The only time a SET_NEW_SESSION should lead to a state reset is when it's for the authoritative keyserver.
  2. I changed it from checking usingCommServicesAccessToken to checking relyingOnAuthoritativeKeyserver. As long as we rely on an authoritative keyserver, we'll wait until we auth with it before logging the user in. As such, we should treat a deauth with the authoritative keyserver as a logout, and reset the state in that case.
  3. I added a check for relyingOnAuthoritativeKeyserver to reduceCurrentUserInfo, which already had the authoritativeKeyserverID check.

Separately, something I'm wondering about... in some cases we check action.payload.sessionChange.cookieInvalidated, and in others we check action.payload.sessionChange.currentUserInfo?.anonymous. Is there any difference in these checks? Should we unify them? Wanted to ask @inka as they have touched this code recently and probably made the same observation.

Depends on D11228

Test Plan

I used this test plan for the whole stack: https://gist.github.com/Ashoat/75ab690d5c53cdd68a51b02e03e27c58

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Separately, something I'm wondering about... in some cases we check action.payload.sessionChange.cookieInvalidated, and in others we check action.payload.sessionChange.currentUserInfo?.anonymous. Is there any difference in these checks? Should we unify them? Wanted to ask @inka as they have touched this code recently and probably made the same observation.

According to our types, if cookieInvalidated: true, then currentUserInfo is LoggedOutUserInfo.
It also looks like actually every time we send currentUserInfo: { anonymous: true }, then we also set cookieInvalidated: true, but this is less straightforward and connected to some logic on the keyserver side

I'm not sure if we want it to be possible to send one without the other. If so, I don't know why we would want to leave for example the enabled apps or the user store, if we logged the user out (dataLoaded is set to false if anonymous: true, so the logout screen is shown). This may need to be reviewed

It sounds like it would be a good idea to make all of this consistent then.

Based on the ClientSessionChange Flow type, it seems like the action.payload.sessionChange.currentUserInfo.anonymous check is slightly more "generic" than the action.payload.sessionChange.cookieInvalidated... meaning if cookieInvalidated is true, then anonymous is definitely true, but it's possible (according to types) for anonymous to be true but cookieInvalidated to be false.

But on the other hand, I think the cookieInvalidated check is more readable. And based on @inka's investigation, it doesn't seem like the "cookieInvalidated is false but anonymous is true" case is possible on the keyserver side.

Based on that, I'll opt to unify everything to use the cookieInvalidated check.

Unify around cookieInvalidated. I'm open to another approach, so @inka feel free to let me know if I should go the other way

lib/reducers/report-store-reducer.js
125 ↗(On Diff #37801)

Flow is forcing this change after the other change in this file. To be honest I'm not sure why...

Unify around cookieInvalidated. I'm open to another approach, so @inka feel free to let me know if I should go the other way

I think this is better, since we planned to remove LoggedOutUserInfo at some point ENG-5625

This revision is now accepted and ready to land.Mar 5 2024, 5:25 AM