Support requiring the scan of a secret to start onboarding #749
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a hack to support the specific requirements of the NREL publication process, which is currently intended to be a closed system. - Users need to scan a specified QR code that represents a secret - They are allowed to proceed only if the secret matches the app secret In the long term, we want to use channels directly instead of this "secret" code. However, we didn't want to deal with externally hosted software for approval at this time. This is the commit fixes the first three tasks in e-mission/e-mission-docs#628 in particular, e-mission/e-mission-docs#628 (comment) and e-mission/e-mission-docs#628 (comment) Changes: - new "secretcheck" service - on receiving a custom URL, pass the parameter to secretcheck - secretcheck validates the secret and stores it - change startprefs so that if we have a valid stored secret, we can move on to checking the other onboarding states - copy over the templates and the javascript code for the first screen from the em-base repository
Fairly simple fix We read the hardcoded secret directly from the `SecretCheck` module since we should not have come to this screen unless the input `SecretCheck` and the hardcoded secret match, so we might as well use the hardcoded check. This is the final set of changes for e-mission/e-mission-docs#628 Testing done: Checked the userid on the server. ``` {'_id': ObjectId('60503a011fa22fb602d332b1'), 'user_email': 'REPLACEMEkVVdF9rT', 'uuid': UUID('cf8ccb7b-84d7-40e4-a726-7691e614b042'), 'update_ts': datetime.datetime(2021, 3, 15, 21, 54, 25, 463000)}] ``` Checked the userid on the phone - was the same Checked the server logs, auth was fine ``` START 2021-03-15 21:54:25.460376 POST /profile/create END 2021-03-15 21:54:25.467684 POST /profile/create 0.007261991500854492 START 2021-03-15 21:54:25.583845 POST /profile/get END 2021-03-15 21:54:25.589675 POST /profile/get cf8ccb7b-84d7-40e4-a726-7691e614b042 0.005787849426269531 START 2021-03-15 21:54:26.051814 POST /profile/update END 2021-03-15 21:54:26.057612 POST /profile/update cf8ccb7b-84d7-40e4-a726-7691e614b042 0.0057489871978759766 START 2021-03-15 21:55:32.222428 POST /result/metrics/timestamp END 2021-03-15 21:55:32.234051 POST /result/metrics/timestamp cf8ccb7b-84d7-40e4-a726-7691e614b042 0.011476993560791016 ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the most challenging part of e-mission/e-mission-docs#628
Concretely:
Since the UI is not replaced by download, we needed to add a new state to the onboarding flow to replace it.
High level changes: