fix: Disable Hardware Authenticator identities for unsupported Neighborhoods #75
Conversation
✅ Deploy Preview for lifted-gwen ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
src/features/accounts/components/accounts-menu/accounts-menu.tsx
Outdated
Show resolved
Hide resolved
src/features/accounts/components/accounts-menu/add-account-modal.tsx
Outdated
Show resolved
Hide resolved
| ); | ||
| })} | ||
| {createCards | ||
| .filter((c) => !c.requires || services.has(c.requires)) |
There was a problem hiding this comment.
Here's the visibility logic: Either don't have a requirement or have a satisfied requirement.
| ); | ||
| })} | ||
| {importCards | ||
| .filter((c) => !c.requires || services.has(c.requires)) |
|
If this solution is acceptable I'll apply it to liftedinit/alberto#135 too. |
|
Investigating CI failure. |
Codecov Report
@@ Coverage Diff @@
## main #75 +/- ##
==========================================
+ Coverage 29.15% 30.16% +1.01%
==========================================
Files 61 61
Lines 1012 1041 +29
Branches 208 212 +4
==========================================
+ Hits 295 314 +19
- Misses 714 724 +10
Partials 3 3
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
I tested this on https://dev002_gwen.liftedinit.tech/ and functionally looks good! |
There was a problem hiding this comment.
I like it, thanks @stanleyjones
@jgryffindor can we deploy this on QA? I want to test using an HSM.
There was a problem hiding this comment.
I tested using a Yubikey on https://qa-gwen.liftedinit.tech/.
The identity switch to Anonymous selecting an unsupported network doesn't work. Instead, it asks me to touch the key. The new network is selected, but the identity stays the same.
|
When trying to import my existing ledger wallet I get an error "You're using a security key that's not registered..." and when creating a new account I get an error for Anonymous as well. |
|
@jgryffindor the first error is expected. The other is not. Did you select the |
|
Woops, yah disregard the 2nd. Creating account flow with Ledger works as expected for the QA ledger. After login, I switched to the QA KVstore network and it asked me to use the key to log in. It allowed me to select QA KVstore and appeared to be logged in with HWW. I went to Services > Data and it prompted me to login again. It then loops asking for login, so I think we need to catch that sequence and prevent switching to KVStore after logging into Ledger networks with Ledger HWW. |
|
@fmorency @jgryffindor How are you able to create an HSM identity on qa-gwen.liftedinit.tech? I receive the following error when I try: Update: Ah... this is what @jgryffindor is talking about above... It works when I switch to "QA Ledger." Now I'm getting the same error: prompted on the HSM but not switching to Anonymous. |
… along with available services
| interface INeighborhoodContext { | ||
| query?: Network; | ||
| command?: Network; | ||
| services: Set<string>; | ||
| } |
There was a problem hiding this comment.
Instead of returning just a Network (using the active Identity), the context is now a little more complex with a Network for queries (anonymous) and one for commands (using the active Identity). Also, the services are computed once and stored in the context, instead of queried at the component level.
| const query = new Network(url, anonymous); | ||
| const command = new Network(url, identity); |
There was a problem hiding this comment.
Creating the two Networks here...
src/api/neighborhoods/provider.tsx
Outdated
| return; | ||
| } | ||
| const { endpoints } = await context.query.base.endpoints(); | ||
| context.services = endpoints |
There was a problem hiding this comment.
...and updating the services, only when the networks have changed.
| {children} | ||
| </NeighborhoodContext.Provider> | ||
| ); | ||
| } | ||
|
|
||
| export const useNeighborhoodContext = () => useContext(NeighborhoodContext); |
There was a problem hiding this comment.
Finally, return a useNeighborhoodContext custom hook to reduce imports throughout the codebase.
| @@ -20,7 +19,7 @@ export type CreateAccountFormData = { | |||
| }; | |||
|
|
|||
| export function useCreateAccount() { | |||
| const n = useContext(NeighborhoodContext); | |||
| const { command: n } = useNeighborhoodContext(); | |||
There was a problem hiding this comment.
The change to context required a lot of changes. I approached them by changing as little code as possible, mostly destructuring using the existing variable name so I didn't have to touch the rest of the code. I had to decide whether the function needed the query or command network — mutations got command, queries got query.
| (async () => { | ||
| const isWebAuthnIdentity = | ||
| activeAccount?.identity instanceof WebAuthnIdentity; | ||
| if (isWebAuthnIdentity && !services.has("idstore")) { |
There was a problem hiding this comment.
Getting the list of services is no longer asynchronous, which I suspect was causing a problem here.
| @@ -172,18 +173,21 @@ function CreateAccountOptions({ | |||
| }: { | |||
| onAddMethodClick: (method: AddAccountMethodTypes) => void; | |||
| }) { | |||
| const { services } = useNeighborhoodContext(); | |||
There was a problem hiding this comment.
Now that services is part of the context, I just pull it out at the component level instead of setting it in the container and passing it down through props.
|
Thanks @stanleyjones. Is there a reason why you diverged from how Alberto is doing this? We already had support for query/command/legacy @jgryffindor can we deploy this to QA for testing? |
|
Test is deployed to QA @stanleyjones |
|
I tested the feature in QA and it doesn't appear to work. I imported an existing account from the QA Ledger. The account was imported but Gwen reverted back to Anonymous instantly. Selecting the HSM account from the account menu always reverts back to Anonymous, even if the network has HSM support.
|
Agreed that they need to be reconciled. My thought process was this:
Otherwise I think the context would be |
Okay, I'll investigate. Thanks. Frustrating that we have to deploy to QA for these issues to arise. |
Yeah :(. This is a workaround for the chain breakage we had a while ago. Time was of the essence and I never revisited this (bad) design.
Yes, I agree.
Thanks for reworking that shady part of the code. I will port your design to Alberto and take this opportunity to rework the workaround mess. |
|
I believe I found the bug. Services were being correctly fetched but not set in the context object used by the account menu component. I still can't fully test this locally since I can't import an HSM for |
|
@jgryffindor can we deploy this on QA for testing please? |
|
QA Gwen is updated. Definitely looks better! When switching to a kvstore network with HSM selected I get alerted the network doesn't support it. https://qa-gwen.liftedinit.tech |
There was a problem hiding this comment.
The issue appears to be fixed, thanks.
nit: selecting QA Ledger and then selecting Demo Compute or Demo KvStore keeps the HSM identity. The other networks behave properly.
@stanleyjones I'll let you decide if you want to merge as-is or fix it in this PR. Anyhow, you can merge.
|
It looks like it's getting a CORS error when trying to connect to those networks, so it keeps the list of available services from the previous network. I made it reset each time and handle the error. |
|
Waiting for CI and then I'll merge. |
Supported Neighborhood
Unsupported Neighborhood
Switching to an Unsupported Neighborhood
Closes #68
Closes #42
Closes #69