Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Show warning if user already set an application password #3048

Merged
merged 8 commits into from
Jun 27, 2024

Conversation

DL6ER
Copy link
Member

@DL6ER DL6ER commented Jun 15, 2024

What does this implement/fix?

See title.

No app password is set

Screenshot from 2024-06-15 11-23-25

App password is already set

Screenshot from 2024-06-15 11-22-25


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

@DL6ER DL6ER requested a review from a team June 15, 2024 09:27
@yubiuser
Copy link
Member

This is a nice idea. I only fear that the hint is not strong enough. Could we have this warning as a preceding modal that allows to cancel or proceed (to the actual app password modal) and requires an active click to continue?

rdwebdesign
rdwebdesign previously approved these changes Jun 15, 2024
@rdwebdesign rdwebdesign dismissed their stale review June 15, 2024 17:56

Waiting for comments about yubiuser idea before approving.

settings-api.lp Outdated Show resolved Hide resolved
@DL6ER DL6ER force-pushed the tweak/warn_apppw branch from b4fe5a6 to 513b700 Compare June 16, 2024 05:50
DL6ER and others added 3 commits June 16, 2024 07:54
@rdwebdesign rdwebdesign requested review from yubiuser and a team June 17, 2024 18:47
@rdwebdesign
Copy link
Member

Screenshots:

image

Copy link
Member

@yubiuser yubiuser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On midnight and high contrast dark theme the cross is hard to see

Screenshot at 2024-06-25 22-21-39


Why do those two buttons have different colors? Is one more important than the other?
Screenshot at 2024-06-25 22-21-58


If no app password is currently set, we should not show the button to remove it.
Screenshot at 2024-06-25 22-22-40

@rdwebdesign
Copy link
Member

rdwebdesign commented Jun 25, 2024

1.

On midnight and high contrast dark theme the cross is hard to see

Fixed.

2.

Why do those two buttons have different colors? Is one more important than the other?

I don't know why they were created like this, but I don't mind the different colors in this case. Maybe someone else has an explanation for the colors.

3.

If no app password is currently set, we should not show the button to remove it.

I agree. Actually, the app password is always generated when this modal is opened:
https://github.com/pi-hole/FTL/blob/0367117cad371bb9cbe41dfd0ead69c39e8e5192/src/api/api.c#L39

https://github.com/pi-hole/FTL/blob/0367117cad371bb9cbe41dfd0ead69c39e8e5192/src/api/2fa.c#L312-L338

@yubiuser
Copy link
Member

Actually, the app password is always generated when this modal is opened:

Mhh.. sure, it must be generated already to show it to the user. But is it already saved when the modal is opened?

@rdwebdesign
Copy link
Member

But is it already saved when the modal is opened?

I'm not sure. Maybe @DL6ER can answer this question.

@DL6ER
Copy link
Member Author

DL6ER commented Jun 26, 2024

Actually, the app password is always generated when this modal is opened

Mhh.. sure, it must be generated already to show it to the user. But is it already saved when the modal is opened?

Yes and No. It is only saved (and, hence, made active) once the user confirms this.

Maybe someone else has an explanation for the colors.

Enable 2FA is green as it is "good" (as in: it enhances security, especially with very simple passwords). App passwords, on the other hand, are neutral in terms of security (as long as they are kept secret it's basically impossible to brute-force it due to its design complexity and a cryptographically secure source of randomness used to generate it).

@DL6ER DL6ER merged commit 68f2512 into development-v6 Jun 27, 2024
8 checks passed
@DL6ER DL6ER deleted the tweak/warn_apppw branch June 27, 2024 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants