Page MenuHomePhabricator

[lib] Add hook to log out on invalid CSAT
ClosedPublic

Authored by bartek on Nov 18 2024, 6:46 AM.
Tags
None
Referenced Files
F3520732: D13955.id.diff
Mon, Dec 23, 1:12 AM
F3515509: D13955.id45862.diff
Sun, Dec 22, 8:59 AM
Unknown Object (File)
Mon, Dec 16, 2:42 AM
Unknown Object (File)
Mon, Dec 16, 2:42 AM
Unknown Object (File)
Sun, Dec 15, 12:03 PM
Unknown Object (File)
Fri, Dec 13, 10:22 PM
Unknown Object (File)
Tue, Dec 10, 1:12 AM
Unknown Object (File)
Thu, Dec 5, 10:01 AM
Subscribers

Details

Summary

Address ENG-9528.
Added a hook that performs authoritative keyserver and visual logout. It should be called when Identity is already logged out.

Test Plan

Tested together with the next diff where it is used

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek held this revision as a draft.
lib/actions/user-actions.js
283 ↗(On Diff #45862)

Leftover

bartek published this revision for review.Nov 21 2024, 9:08 AM
bartek added a reviewer: ashoat.

I have two concerns about this diff:

  1. Inline comment
  2. When this hook is called, the device is immediately logged out without notice. This might be a bad user experience, so I thought about displaying an alert/modal saying sth like "This device has been externally logged out. Please log in again". On the other hand, when this device was logged out by the primary device, the user is expecting all devices to log out, so maybe the UX is not that bad.
lib/actions/user-actions.js
282–294 ↗(On Diff #45862)

The hook is supposed to do:

  • Keyserver logout
  • Visual/SQLite logout (triggered on logOutActionTypes.success)
  • No Identity logout since at this point when the hook is called, the device has already been logged out of Identity

Visual logout is the most important, so I was wondering about doing

try {
  await callKeyserverLogout()
} catch {}

to always succeed. However I don't understand impact of the action's return value (LogOutResult type) and I don't know what to return when keyserver logout fails.

ashoat requested changes to this revision.Nov 21 2024, 6:04 PM

When this hook is called, the device is immediately logged out without notice. This might be a bad user experience, so I thought about displaying an alert/modal saying sth like "This device has been externally logged out. Please log in again". On the other hand, when this device was logged out by the primary device, the user is expecting all devices to log out, so maybe the UX is not that bad.

Hmm... that's an interesting question. I'm not immediately sure what would be better. Can you clarify in what scenarios (both currently as well as in the future) that we'll trigger UnauthorizedDevice? If it's always initiated by the user on their primary, then I don't think we need an alert. But if there's other cases where the user might not already have context, then I think it might be worth implementing an alert. (We could also consider differentiating these two cases in some way, such as using different error codes.)

lib/actions/user-actions.js
282–294 ↗(On Diff #45862)

Visual/SQLite logout (triggered on logOutActionTypes.success)

Visual logout actually begins on logOutActionTypes.started, which flips dataLoaded.

Visual logout is the most important, so I was wondering about doing

try {
  await callKeyserverLogout()
} catch {}

to always succeed. However I don't understand impact of the action's return value (LogOutResult type) and I don't know what to return

While visual logout will be initiated either way since it's based on logOutActionTypes.started, it's still important that was guarantee that logOutActionTypes.success gets called. This is why the other actions all swallow errors like you've described.

However I don't understand impact of the action's return value (LogOutResult type) and I don't know what to return when keyserver logout fails.

The significance is that it becomes the payload for the logOutActionTypes.success action dispatched on the next line. Since this is primarily a keyserver logout, have you tried modelling it after the keyserverLogOut function?

284 ↗(On Diff #45862)

The other logouts all have a Promise.race to guarantee that the logOutActionTypes.success action eventually gets dispatched. Why'd you skip it in your new one?

This revision now requires changes to proceed.Nov 21 2024, 6:04 PM

When this hook is called, the device is immediately logged out without notice. This might be a bad user experience, so I thought about displaying an alert/modal saying sth like "This device has been externally logged out. Please log in again". On the other hand, when this device was logged out by the primary device, the user is expecting all devices to log out, so maybe the UX is not that bad.

Hmm... that's an interesting question. I'm not immediately sure what would be better. Can you clarify in what scenarios (both currently as well as in the future) that we'll trigger UnauthorizedDevice? If it's always initiated by the user on their primary, then I don't think we need an alert. But if there's other cases where the user might not already have context, then I think it might be worth implementing an alert. (We could also consider differentiating these two cases in some way, such as using different error codes.)

There are two scenarios:

  1. User issued this on primary device
    • Primary device logout
    • Primary backup restore protocol
    • Logout the secondary device via device list UI menu
  2. Password reset by Comm staff (performed upon user's request)

In my opinion, in all these cases the user is aware that the device should now be logged out.

lib/actions/user-actions.js
282–294 ↗(On Diff #45862)

Visual logout actually begins on logOutActionTypes.started, which flips dataLoaded.

That's right, I confused these two.

However I don't understand impact of the action's return value (LogOutResult type) and I don't know what to return when keyserver logout fails.

The significance is that it becomes the payload for the logOutActionTypes.success action dispatched on the next line. Since this is primarily a keyserver logout, have you tried modelling it after the keyserverLogOut function?

I mean, I'm aware that return value is the action payload. I didn't understand the impact of the payload in reducers where it's used.

Either way, as stated in my above comment, my concern is solved because keyserverLogOut already swallows errors.

284 ↗(On Diff #45862)

In useLogOut() The Promise.race is called for Identity promise, while keyserver promise is ran in Promise.all.

But I didn't notice that callKeyserverLogOut() already swallows errors in the keyserverLogOut call, so it never fails here

Remove console log, add comment about error swallowing

Thanks, I somehow missed that you were already going through keyserverLogOut here

This revision is now accepted and ready to land.Mon, Nov 25, 6:02 AM
This revision was automatically updated to reflect the committed changes.