-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI: [VAULT-19783] Set up root token warning modal #23277
Conversation
CI Results: |
Build Results: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One question, but nothing blocking. Thank you for this!
@@ -32,6 +32,15 @@ | |||
</div> | |||
</div> | |||
<div class="namespace-list {{if this.isAnimating 'animated-list'}}"> | |||
{{#if this.auth.isRootToken}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I opted to follow what's being done in the user menu dropdown see here. hen we use AlertInline
, with type warning
the icon looks really small and styling gets a little wonky and with type compact
the namespace picker dropdown gets pulled to the top (see attached images).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Just needs an updated changelog, and one question about the sticky flash message. I imagine this is going to just cause more people frustration and not lead to more people reading the message, unfortunately. It may be unnecessary to make it sticky since we have more information in the namespace picker now
this.flashMessages.warning( | ||
'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.' | ||
'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.', | ||
ENV.environment !== 'development' ? { sticky: true } : {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is making the flash message sticky necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the alternative we decided in UI sync last week instead of implementing a modal (since that seemed the most disruptive)
But - I'd agree that the overall issue is I think when users are logged out unexpectedly which happens 1. changing namespaces and 2. when we refresh internally
The dropdown alert solves number 1. For number 2 - we could revert the sticky flash message, or make it appear a little bit longer, in favor of tracking down and adding a warning to the "sneaky" times we log people out. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought the initial intent of the modal was to warn people after they have clicked a namespace link, before we transition them, to warn that they were about to be logged out due to using a root token. That seems to be where the most complaints have been, which corresponds to your 1
above.
For refreshing internally, it probably would be good to have at least an internal map of when that happens. I haven't heard as many complaints about that but if the longer-lived flash message was discussed to handle that case, that makes sense to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We discussed alternatives to the modal during ui sync last week because there was confusion on the original ask.
That's helpful context that most of the complaints were related to changing namespaces. I agree - the namespace picker feels sufficient.
We didn't discuss a longer-lived flash message, but perhaps that can be revisited (along with internal mapping of refreshing) if more user complaints come in after this change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Amazing thanks Claire + Chelsea for the feedback! I just updated the changelog + removed the sticky from the flash message. If either one of you has time, could you take a look? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent, thank you for your diligence!
Description
New designs/ux for the root token warning.