-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Disable Hardware Authenticator identities for unsupported Neighborhoods #75
fix: Disable Hardware Authenticator identities for unsupported Neighborhoods #75
Conversation
✅ Deploy Preview for lifted-gwen ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
src/features/accounts/components/accounts-menu/accounts-menu.tsx
Outdated
Show resolved
Hide resolved
src/features/accounts/components/accounts-menu/add-account-modal.tsx
Outdated
Show resolved
Hide resolved
); | ||
})} | ||
{createCards | ||
.filter((c) => !c.requires || services.has(c.requires)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's the visibility logic: Either don't have a requirement or have a satisfied requirement.
); | ||
})} | ||
{importCards | ||
.filter((c) => !c.requires || services.has(c.requires)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
If this solution is acceptable I'll apply it to liftedinit/alberto#135 too. |
Investigating CI failure. |
Codecov Report
@@ Coverage Diff @@
## main #75 +/- ##
==========================================
+ Coverage 29.15% 30.16% +1.01%
==========================================
Files 61 61
Lines 1012 1041 +29
Branches 208 212 +4
==========================================
+ Hits 295 314 +19
- Misses 714 724 +10
Partials 3 3
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
I tested this on https://dev002_gwen.liftedinit.tech/ and functionally looks good! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like it, thanks @stanleyjones
@jgryffindor can we deploy this on QA? I want to test using an HSM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tested using a Yubikey on https://qa-gwen.liftedinit.tech/.
The identity switch to Anonymous
selecting an unsupported network doesn't work. Instead, it asks me to touch the key. The new network is selected, but the identity stays the same.
When trying to import my existing ledger wallet I get an error "You're using a security key that's not registered..." and when creating a new account I get an error for Anonymous as well. |
@jgryffindor the first error is expected. The other is not. Did you select the |
Woops, yah disregard the 2nd. Creating account flow with Ledger works as expected for the QA ledger. After login, I switched to the QA KVstore network and it asked me to use the key to log in. It allowed me to select QA KVstore and appeared to be logged in with HWW. I went to Services > Data and it prompted me to login again. It then loops asking for login, so I think we need to catch that sequence and prevent switching to KVStore after logging into Ledger networks with Ledger HWW. |
@fmorency @jgryffindor How are you able to create an HSM identity on qa-gwen.liftedinit.tech? I receive the following error when I try:
Update: Ah... this is what @jgryffindor is talking about above... It works when I switch to "QA Ledger." Now I'm getting the same error: prompted on the HSM but not switching to Anonymous. |
… along with available services
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made some changes to the NeighborhoodContext to address the current problems.
- NeighborhoodContext now provides both a query and a command network.
- The set of services is updated when the neighborhood changes, not by the component.
interface INeighborhoodContext { | ||
query?: Network; | ||
command?: Network; | ||
services: Set<string>; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of returning just a Network (using the active Identity), the context is now a little more complex with a Network for queries (anonymous) and one for commands (using the active Identity). Also, the services are computed once and stored in the context, instead of queried at the component level.
const query = new Network(url, anonymous); | ||
const command = new Network(url, identity); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Creating the two Networks here...
src/api/neighborhoods/provider.tsx
Outdated
return; | ||
} | ||
const { endpoints } = await context.query.base.endpoints(); | ||
context.services = endpoints |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...and updating the services, only when the networks have changed.
{children} | ||
</NeighborhoodContext.Provider> | ||
); | ||
} | ||
|
||
export const useNeighborhoodContext = () => useContext(NeighborhoodContext); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Finally, return a useNeighborhoodContext
custom hook to reduce imports throughout the codebase.
@@ -20,7 +19,7 @@ export type CreateAccountFormData = { | |||
}; | |||
|
|||
export function useCreateAccount() { | |||
const n = useContext(NeighborhoodContext); | |||
const { command: n } = useNeighborhoodContext(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change to context required a lot of changes. I approached them by changing as little code as possible, mostly destructuring using the existing variable name so I didn't have to touch the rest of the code. I had to decide whether the function needed the query or command network — mutations got command, queries got query.
(async () => { | ||
const isWebAuthnIdentity = | ||
activeAccount?.identity instanceof WebAuthnIdentity; | ||
if (isWebAuthnIdentity && !services.has("idstore")) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Getting the list of services is no longer asynchronous, which I suspect was causing a problem here.
@@ -172,18 +173,21 @@ function CreateAccountOptions({ | |||
}: { | |||
onAddMethodClick: (method: AddAccountMethodTypes) => void; | |||
}) { | |||
const { services } = useNeighborhoodContext(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that services is part of the context, I just pull it out at the component level instead of setting it in the container and passing it down through props.
Thanks @stanleyjones. Is there a reason why you diverged from how Alberto is doing this? We already had support for query/command/legacy @jgryffindor can we deploy this to QA for testing? |
Test is deployed to QA @stanleyjones |
Agreed that they need to be reconciled. My thought process was this:
Otherwise I think the context would be |
Okay, I'll investigate. Thanks. Frustrating that we have to deploy to QA for these issues to arise. |
Yeah :(. This is a workaround for the chain breakage we had a while ago. Time was of the essence and I never revisited this (bad) design.
Yes, I agree.
Thanks for reworking that shady part of the code. I will port your design to Alberto and take this opportunity to rework the workaround mess. |
I believe I found the bug. Services were being correctly fetched but not set in the context object used by the account menu component. I still can't fully test this locally since I can't import an HSM for |
@jgryffindor can we deploy this on QA for testing please? |
QA Gwen is updated. Definitely looks better! When switching to a kvstore network with HSM selected I get alerted the network doesn't support it. https://qa-gwen.liftedinit.tech |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue appears to be fixed, thanks.
nit: selecting QA Ledger
and then selecting Demo Compute
or Demo KvStore
keeps the HSM identity. The other networks behave properly.
@stanleyjones I'll let you decide if you want to merge as-is or fix it in this PR. Anyhow, you can merge.
It looks like it's getting a CORS error when trying to connect to those networks, so it keeps the list of available services from the previous network. I made it reset each time and handle the error. |
Waiting for CI and then I'll merge. |
Supported Neighborhood
Unsupported Neighborhood
Switching to an Unsupported Neighborhood
Closes #68
Closes #42
Closes #69