-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add 2-factor authentication #18576
Conversation
Important notes / open questions:
|
Yes, we missed it. That sounds good 👍
I can get that for you!
I tried using different levels while writing the doc, but looks like 'Q' is closest to the proposed one. Do you think any other level is closest to the proposed one? If so, we can use that. 😄 |
Awesome, thanks @MonilBhavsar ! Here is a quick comparison between all QRCode levels: Personally, I find the |
L looks good to me 👍 |
src/pages/settings/Security/TwoFactorAuth/TwoFactorAuthForm/BaseTwoFactorAuthForm.js
Outdated
Show resolved
Hide resolved
@MonilBhavsar All new comments resolved, good catches! 👍🏻 Regarding clearing the Onyx data, since that page is now a functional component (following the effort to migrate away from Class Components) I disabled the
And here's the shield icon result: |
Reviewer Checklist
Screenshots/VideosWebScreen.Recording.2023-05-17.at.3.28.05.PM.movMobile Web - ChromeScreen.Recording.2023-05-17.at.3.57.16.PM.movMobile Web - SafariScreen.Recording.2023-05-17.at.5.19.22.PM.movDesktopScreen.Recording.2023-05-17.at.3.30.55.PM.movAndroidScreen.Recording.2023-05-17.at.4.05.27.PM.mov |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work @thiagobrez 👏
✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release. |
🚀 Deployed to staging by https://github.com/MonilBhavsar in version: 1.3.16-0 🚀
|
🚀 Deployed to production by https://github.com/chiragsalian in version: 1.3.16-7 🚀
|
2 similar comments
🚀 Deployed to production by https://github.com/chiragsalian in version: 1.3.16-7 🚀
|
🚀 Deployed to production by https://github.com/chiragsalian in version: 1.3.16-7 🚀
|
🚀 Deployed to production by https://github.com/chiragsalian in version: 1.3.16-7 🚀
|
A minor regression caused due to height styles having less value - #19571 |
Just updating on another issue caused by this PR as part BZ checklist. |
Thanks for pointing out @abdulrahuman5196 . Will take more care next time 🚀 |
twoFactorAuthCodesButton: { | ||
minWidth: 100, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The min width here was not enough and caused the copy button's width to change on click resulting in buttons jump behaviour #21566
<Button | ||
success | ||
text={props.translate('common.next')} | ||
isDisabled |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✋ Coming from #20848
We want the button to be pressed like what we have for the sign-in page and maintain consistency between a similar flow.
* @returns {string} | ||
*/ | ||
function buildAuthenticatorUrl() { | ||
return `otpauth://totp/Expensify:${props.account.primaryLogin}?secret=${props.account.twoFactorAuthSecretKey}&issuer=Expensify`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Coming from #19366:
props.account.primaryLogin
is not 100% value.
When user create new account, this value doesn't exist.
Instead, we replaced this with session.email
which is stable value.
Details
Implementation of the 2-factor authentication flow, according to the design doc.
Fixed Issues
$ #18080
PROPOSAL: GH_LINK_ISSUE(COMMENT)
Tests
Enabling 2-FA flow:
Step 1: Recovery Codes
Step 2: Verify
Step 3: Finished
Disabling 2-FA flow:
Offline tests
QA Steps
Enabling 2-FA flow:
Step 1: Recovery Codes
Step 2: Verify
Step 3: Finished
Disabling 2-FA flow:
PR Author Checklist
### Fixed Issues
section aboveTests
sectionOffline steps
sectionQA steps
sectiontoggleReport
and notonIconClick
)myBool && <MyComponent />
.src/languages/*
files and using the translation methodWaiting for Copy
label for a copy review on the original GH to get the correct copy.STYLE.md
) were followedAvatar
, I verified the components usingAvatar
are working as expected)/** comment above it */
this
properly so there are no scoping issues (i.e. foronClick={this.submit}
the methodthis.submit
should be bound tothis
in the constructor)this
are necessary to be bound (i.e. avoidthis.submit = this.submit.bind(this);
ifthis.submit
is never passed to a component event handler likeonClick
)StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
)Avatar
is modified, I verified thatAvatar
is working as expected in all cases)ScrollView
component to make it scrollable when more elements are added to the page.main
branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to theTest
steps.Screenshots/Videos
Web
web.mov
safari.mov
Mobile Web - Chrome
android.web.mov
Mobile Web - Safari
ios.web.mp4
Desktop
desktop.mov
iOS
ios.mp4
Android
android.mov