Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image on /lookup does not take you back to the homepage #682

Closed
runasand opened this issue Oct 23, 2014 · 8 comments
Closed

Image on /lookup does not take you back to the homepage #682

runasand opened this issue Oct 23, 2014 · 8 comments
Labels
app
Milestone
0.4

Comments

@runasand
Copy link
Contributor

Say the source is on /lookup and has just submitted something and wishes to go back to the homepage. The logical step would be to click on the SecureDrop logo on the left, but doing so seems to just refresh the page the source is currently on. Is this the expected behavior? If so, do we want to require users to edit the URL to go back to the homepage?
@runasand runasand added the QA label Oct 23, 2014
@garrettr
Copy link
Contributor

@runasand That's intentional, you can look up at the issue/PR where it was implemented. Otherwise it is easy for sources to accidentally go back to the home page and click "Submit documents" again, which will clear their cookies (logging them out). Currently the "check for replies" page does not check if the user is already logged in, so they will be locked out of the account they just created if they didn't memorize/record their code name.

Proposals for an alternative flow welcome.

@runasand
Copy link
Contributor Author

Hah, I actually hit that issue a few minutes after opening this. I agree it makes sense to not have the image point to the homepage on /lookup, and I will think about alternative flows we can consider.

@ikehz
Copy link
Contributor

ikehz commented Nov 8, 2014

How about we just create a "Logout" link, so that it's clear that, if they click it, they'll have to use their code name to get back in?

@diracdeltas
Copy link
Contributor

++ to explicit logout link. @ihmccreery is working on this at the hackathon.

@ikehz ikehz mentioned this issue Nov 8, 2014
Closed
ikehz added a commit to ikehz/securedrop that referenced this issue Nov 8, 2014
@ikehz
add Exit link for source; style logout/navigation links inside of con…
cd59ce5 
…tent div; closes freedomofpress#682
@ikehz ikehz mentioned this issue Nov 8, 2014
Closed
@ikehz
Copy link
Contributor

ikehz commented Nov 10, 2014

@garrettr said of my patch:

Does not close #682, you did not change the link for the image on /lookup.

Further, I'm not sure I think sources should have a logout flow. Their cookies are session cookies, which automatically expire when the browser is closed. Logout flows seems to make more sense if cookies are persistent, or if multiple people want to access their individual accounts on the same website on the same computer (unlikely for SecureDrop).

@ikehz
Copy link
Contributor

ikehz commented Nov 10, 2014

When I was playing around with SecureDrop, as a brand new user, my first instinct for workflow were as follows:

  1. Open up the source index
  2. "Submit documents for the first time"
  3. Submit a document
  4. Logout

When I tried to logout, I couldn't figure out how.

As a (perhaps paranoid) user, it makes me feel weird to not have ability to logout explicitly. Perhaps there's more to be done than returning to the index, but I think it's confusing and weird-feeling to not allow a source to do an action that makes them sure that they've logged out.

@garrettr garrettr added app and removed QA labels Mar 27, 2015
@garrettr garrettr added this to the 0.4 milestone Mar 27, 2015
@garrettr
Copy link
Contributor

This is straightforward to fix, but a little tricky because you need to handle what happens if the source reloads the /generate page after having already created a codename (since this is easy to do by hitting the "Back" button). Since we re-use the same key in the session on both /generate and /lookup, re-visiting /generate would pop the original codename, effectively locking you out if you had failed to memorize or write down the first codename.

The current behavior is intentional, and is designed to prevent this outcome (since it is potentially disastrous, definitely confusing, and very easy to do by accident). We can improve this (and restore the intuitive behavior of clicking on the logo on /lookup), but will need to add supporting UX changes as well.

@garrettr garrettr mentioned this issue Jul 24, 2015
Closed
@redshiftzero
Copy link
Contributor

Looks like this was implemented in PR #1165. Closing...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
app
Projects
None yet
Milestone
0.4
Development

Successfully merging a pull request may close this issue.

Exit link at /lookup takes source back to the homepage
add Exit link for source ikehz/securedrop
5 participants
@runasand @ikehz @garrettr @diracdeltas @redshiftzero