LG-126 - Validate the appearance of phone numbers before allowing OTP submission #2034
Conversation
jgsmith-usds
force-pushed
the
jgs-lg-126-validate-otp-phone-numbers-before-sending-code
branch
from
d658330 to
da3e0dd
Compare
|
I was out last week, so I'm probably missing some context. Could you please explain what problem prompted this PR? Is it to enhance the user experience so that they get feedback about the validity of a phone number faster than before? Was there anything wrong with the server side validation that was already in place, via the I see this is still a work in progress, but wanted to offer some initial thoughts. It looks like we are now using Also, having the controller in the |
|
I put it in the same space as the other controllers for account verification. As far as I can tell, the phone number is entered as part of the account creation flow and later when a person changes their phone number. I'm trying to follow the patterns I'm seeing elsewhere, but I'm open to changing them. For now, doing validation through an endpoint doesn't get us anything, so we could replace the call to the endpoint with a call to the JavaScript library that's bundled with the page. The primary goal is to disable the submit button until we have what looks like a valid phone number. Secondary is to have an additional visual indicator that the phone number looks good (e.g., a check mark next to the phone field). As far as identity-idp/app/forms/user_phone_form.rb Line 11 in 29b4210 |
jgsmith-usds
force-pushed
the
jgs-lg-126-validate-otp-phone-numbers-before-sending-code
branch
from
da3e0dd to
a74f38d
Compare
jgsmith-usds
added
status - ready for review
and removed
status - work in progress
labels
jgsmith-usds
changed the title
jgsmith-usds
changed the title
|
@jgsmith-usds The |
|
@monfresh Thanks for the clarification. For this PR, I've removed all of the backend since we aren't doing anything that can't be handled by the libraries already included in the frontend. |
| const phoneValid = isValidNumber(phone, countryCode); | ||
|
|
||
| if (phoneValid) { | ||
| phoneInput.classList.add('valid-phone'); |
There was a problem hiding this comment.
What is the purpose of adding / removing these classes here?
There was a problem hiding this comment.
For this PR, this is a pre-optimization. I was planning to add CSS styles to add an indicator following the input field using those classes to manage it, but in review, it looked like there was enough useful in this PR as it is without waiting on that. I'll remove the classes for this PR and put them back in when I get the CSS ironed out.
There was a problem hiding this comment.
Cool, my next question was about how the user is supposed to determine why the "Send Code" button is disabled, but I suppose that is coming later.
There was a problem hiding this comment.
-nod- -- I'm not sure I want to show an error message when they're still entering their phone number, but we could do something on-blur if the number doesn't look valid. That might be a better next step before I get the CSS whipped up since we already have a mechanism for doing messaging like that.
**Why**: We want to be able to leverage several phone validation options, so we are (1) moving the validation to the backend, (2) giving feedback to the user when the phone number is considered valid, (3) enabling "Send Code" only when the phone number is considered valid. **How**: We send a POST to an endpoint when the phone input field blurs or the country code changes. The result of the POST indicates if the number is valid. We can add more information later.
jgsmith-usds
force-pushed
the
jgs-lg-126-validate-otp-phone-numbers-before-sending-code
branch
from
e097141 to
5834b06
Compare
jgsmith-usds
deleted the
jgs-lg-126-validate-otp-phone-numbers-before-sending-code
branch
Why: We want to be able to leverage several phone validation options,
so we are (1) moving the validation to the backend, (2) giving feedback
to the user when the phone number is considered valid, (3) enabling
"Send Code" only when the phone number is considered valid.
How: Originally, we were going to send a POST to an endpoint, but since we
already have libphonenumber-js in our browser-side environment, we're using that
until we need to do validation that can't be done in the browser. Since this isn't the
final validation, we do this just for the benefit of the UX.
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.