Handle multiple instances of /generate #5075
Conversation
Associate codenames from different browser tabs open to /generate with a unique tab id hidden in the form. This allows to register the source using the codename displayed in the browser tab from which the source proceeds to submit documents instead of the last codename generated (current behavior). Proceeding to submit documents from another tab open to /generate redirects to /lookout with a flash message informing the source they are already logged-in and to verify their codename. The codename is made visible at the bottom of the /lookup page.
DrGFreeman
requested review from
heartsucker,
kushaldas and
redshiftzero
as code owners
Add the tab_id parameter to the /create requests required following the modifications introduced by 3635a4a.
|
Test plan as described passes against dev container. Also tried logging out on Tab A and then attempting to submit on Tab B, which throws to the index page with the "session timed out due to inactivity" flash message. Given the nature of the change I'm running through it on staging and Tor Browser now as well. |
|
Test plan also passes in staging. |
|
Great! Thanks @zenmonkeykstop. I'll start working on the additional functional tests. |
- Verify that the source is registered using the codename displayed in the tab from which they proceed to submit documents even if another codename has been generated in another tab subsequently. - Verify that the source is redirected to /lookup when proceeding to submit from another tab. Verify that a flash message is displayed, that the codename is visible and matches that used to register the source in the initial tab. - Verify the source can submit documents from both tabs.
|
@zenmonkeykstop. I have added a functional test for the main scenario described in the PR template and switched the status to Ready for review. I wonder if I should also add tests for the "Refresh" scenario and the "Logout" scenario you tested as well? |
|
@DrGFreeman more tests the better, if you have time :) |
|
I would recommend removing the
We've kicked this around from the UX perspective a bit more, and I will file an issue for a couple of small follow-up tweaks. Once this anchor redirect is gone, this PR is IMO good to merge as a first pass, from a UX perspective. |
|
Good point @eloquence. I had tested on a high res. monitor where the whole page fits in the default Tor Browser window size. I appreciate this kind of feedback from the UX perspective. It helps me consider additional aspects when proposing a change. I will remove the anchor, update the tests accordingly and as well as add functional tests for the "refresh" and "logout" cases mentioned above. Also, I read the suggestions in #5080. Understanding there are potential further improvements to be made, would you suggest a different (better) wording for the message introduced by the current PR? |
I'd only suggest a slight edit for now: From:
To:
(We don't know for sure if it's a different tab, or a window, and it may be closed by the time they see this.) The rest we can handle in follow-up as we get consensus on any further tweaks per #5080. |
- Hiding codename to ensure flash message is visible first (prevent browser from scrolling down to codename, potentially hiding the flash message on small window heights). - Improve flash message text. - Update source interface and functional tests accordingly.
Two other functional test on their way. Will push them shortly. |
Add a functional test to verify the behavior when refreshing the /generate page when multiple instance of /generate are open simultaneously.
|
Added a test for the "refresh" scenario via 32ab477. I've spent the two last nights trying to implement a test of the "logout" scenario described by @zenmonkeykstop:
When the source logs-out, the However, when I try to replicate this with Selemium, trying to submit from Tab B after the logout results in the driver being stuck on the I will keep investigating this but I currently do not have a solution in view. |
|
Thanks, @DrGFreeman, test coverage you have for this is already great. Gonna review once more today! |
Status
Ready for review.
Description of Changes
Fixes #4458.
Changes proposed in this pull request:
Associate codenames from different browser tabs open to
/generatewith a unique tab id hidden in the form. This allows to register the source using the codename displayed in the browser tab from which the source proceeds to submit documents instead of the last codename generated (current behavior).Proceeding to submit documents from another tab open to
/generateredirects to/lookupwith a flash message informing the source they are already logged-in and to verify their codename. The codename is made visible at the bottom of the/lookuppage.Testing
In the dev VM:
/generateand note the codename (A)./generate./lookup./lookupin tab A corresponds to codename A./lookup./lookupin tab B is visible and matches codename A.Additional tests:
/generate.Deployment
Any special considerations for deployment?
N/A
Checklist
If you made changes to the server application code:
make lint) and tests (make test) pass in the development containerIf you made changes to
securedrop-admin:make -C admin test) pass in the admin development containerIf you made changes to the system configuration:
If you made non-trivial code changes:
test_source.pyandtest_integration.py.functional/test_source.py.If you made changes to documentation:
make docs-lint) passed locallyIf you added or updated a code dependency:
Choose one of the following: