Stop moving provider identities between account of a user #3032
Conversation
AlexTugarev
force-pushed
the
at/identities
branch
2 times, most recently
from
6acfca5 to
4b8a5c8
Compare
AlexTugarev
force-pushed
the
at/identities
branch
from
2cd22ec to
ce6d7fa
Compare
in a situation where the browser agent might submit the terms form more than once, we should avoid creating new accounts. instead, we need to select the recently created account for a login in a parallel session.
AlexTugarev
force-pushed
the
at/identities
branch
3 times, most recently
from
cb848b0 to
16c6d11
Compare
| @@ -826,7 +826,6 @@ footer .logo-icon { | |||
|
|
|||
|
|
|||
| .access-control__card-container { | |||
| width: 31%; | |||
There was a problem hiding this comment.
fixing a bogus line wrap occurring with longer hostnames of self-hosted git providers.
| @@ -148,13 +158,15 @@ export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOf | |||
| variant='text' | |||
| color={'secondary'} | |||
| onClick={this.onDecline} | |||
| disabled={this.state.submitted} | |||
There was a problem hiding this comment.
to prevent resubmission if we have a long line to the proxy or dashboard, i.e. make it impossible to resubmit.
| log.info(`(TOS) User was created in a parallel browser session, let's login...`, { logPayload }); | ||
| await this.loginCompletionHandler.complete(req, res, { user, authHost: tosFlowInfo.authHost, returnToUrl: authFlow.returnTo }); | ||
| } else { | ||
| await this.handleTosProceedForNewUser(req, res, authFlow, tosFlowInfo, req.body); |
There was a problem hiding this comment.
fyi, this is the previous default code path
| const user = await this.userService.findUserForLogin({ candidate: tosFlowInfo.candidate }); | ||
| if (user) { | ||
| log.info(`(TOS) User was created in a parallel browser session, let's login...`, { logPayload }); | ||
| await this.loginCompletionHandler.complete(req, res, { user, authHost: tosFlowInfo.authHost, returnToUrl: authFlow.returnTo }); |
There was a problem hiding this comment.
fyi, this is new: if we retry searching for a user and find one, we definitely should not create new account, but login in into the existing one.
There was a problem hiding this comment.
Thanks for tackling this issue @AlexTugarev! It took me longer than expected to reproduce this on the preview environment but here're some thoughts on the UX here. Let me know what you think. 🏀
| `, | ||
| content: ` | ||
| # Before we proceed | ||
| # Create a new Gitpod account with {{AUTH_HOST}} |
There was a problem hiding this comment.
suggestion: We're certainly going to improve this page later on but let me know if you think thee following seems like an improvement that can fit into this iteration. Feel free to leave this out of the scope of this PR and create a follow-up issue.
| BEFORE | AFTER | ALTERNATIVE |
|---|---|---|
 |
 |
 |
There was a problem hiding this comment.
We'll get to this later 🙏🏻
components/dashboard/src/components/access-control/access-control.tsx
Outdated
Show resolved
Hide resolved
| const otherIdentitiesOfUser = user.identities.filter(i => i.authProviderId !== authProvider.authProviderId); | ||
| if (otherIdentitiesOfUser.length === 0) { | ||
| message = (<DialogContentText> | ||
| Disconnecting the single remaining provider would make your account unreachable. Please go the settings, if you want to delete the account. |
There was a problem hiding this comment.
question: Do you think it could be practical to offer account deletion in this step?
There was a problem hiding this comment.
I'd rather not do this. Adding some extra cycles to avoid deleting by accident could be helpful in some cases.
Also, this is something I'd like to push to a follow-up discussion and PR.
| <ApplicationFrame service={service}> | ||
| <div className='content content-area'> | ||
|
|
||
| <h3>Cannot connect with {otherUser.authHost}</h3> |
There was a problem hiding this comment.
suggestion: What do you think of the following? We can keep the verbs like switch if you think this describes more accurate what's going on.
| BEFORE | AFTER |
|---|---|
 |
 |
There was a problem hiding this comment.
Created ${days} days ago and the recommendation on the Primary account is postponed. We'd discuss this separately.
For now we agreed on Other account, as we're missing some infos from server to do it.
OTOH, many thanks on the layout work, @gtsiolis! Awesome!
AlexTugarev
force-pushed
the
at/identities
branch
4 times, most recently
from
4ae48a1 to
4fb4a03
Compare
* allow our users to disconnect provider identities from their accounts * when a user tries to connect with a provider, for which there is already a connection to anther account, we redirect to an assistance page. a summary should help to review both accounts. in the end, any user may decide to move to a single account by disconnecting the provider identities from the other account. this way we can guarantee to not automagically lock out users from accounts with subscriptions or any meaningful data. * show `Connected as` * update terms renderer Signed-off-by: Alex Tugarev <[email protected]>
AlexTugarev
force-pushed
the
at/identities
branch
from
4fb4a03 to
2e95e8d
Compare
|
Testing once again before merging 🙏🏻 |
With these change Gitpod stops moving identities between accounts of a user.
What's inside?
Access Control
On /access-control you now see the provider identity you've connected with, and you get the option to disconnect.
Confirm disconnecting a provider from your account:
Last (or the single) provider identity is a special one, and account deletion sounds is the way how to proceed, otherwise we end up with unreachable accounts.
Instead of moving provider identities between accounts.
Let's guide the user, and give them the options to select and manage accounts.
When we see that a provider identity is connected to a second account, we provide as much details as
possiblenecessary to let them decide on the next step.