Inappropriate Display of Signup Button for Users with Cookies #177

Closed
captain-Akshay opened this issue Jan 17, 2024 · 11 comments
Labels
framework/gatsby help wanted Extra attention is needed issue/stale Issue has not had any activity for an extended period of time kind/bug Something isn't working language/javascript Javascript related

Comments

@captain-Akshay
Contributor

Current Behavior

The website currently displays a signup button regardless of whether the user has an account indicating prior signup. This behavior is not consistent with user expectations and may lead to confusion.

Possible Solution:

Implement logic to check for the presence of a signup-related cookie. If the cookie is present, do not display the signup button. Ensure this check is performed consistently across page loads.

Screenshots/Logs

image

Environment

  • Host OS: Mac Linux Windows
  • Platform: Docker or Kubernetes
  • Meshery Server Version: stable-v
  • Meshery Client Version: stable-v

Contributor Guides and Resources

@captain-Akshay captain-Akshay added the kind/bug Something isn't working label Jan 17, 2024
@leecalcote leecalcote added help wanted Extra attention is needed framework/gatsby language/javascript Javascript related labels Jan 20, 2024
@prajjwalyd

prajjwalyd commented Jan 23, 2024

Hello!

I've been exploring the signup button behavior issue, and I'd like to propose a solution:

Step 1:
Check for the presence of the signup-related cookie on mount.

Step 2:
Initialize the showSignUpButton state based on the presence of the cookie.

Step 3:
When the user submits the signup form, set the signup-related cookie, and update the showSignUpButton state accordingly.


If this solution aligns with your expectations, I'd be excited to take ownership of this issue and work on implementing it. Please let me know if any adjustments are needed or if you have any specific considerations...

@prajjwalyd

prajjwalyd commented Feb 2, 2024

Hey @captain-Akshay ,
any updates on this issue? Is it still valid?

@Shabab007

Shabab007 commented Feb 8, 2024

Hello @captain-Akshay @leecalcote
I have looked into the issue. Achieving the desired functionality of checking the presence of the signup-related cookie for not displaying the signup button involves a series of critical steps. Here are some findings:

  1. After signing up, the API response header is setting the HTTP-only cookie named "__cf_bm", which is expected.
    Here is the screenshot:
Screenshot 2024-02-08 at 7 09 37 PM
  2. Given that this application is crafted with Create React App (CRA), a client-side application, the inherent limitation is that JavaScript cannot access or retrieve HTTP-only cookies directly. Consequently, determining the user's cookie status becomes a challenge.

To address this, impactful suggestions include:

  • In order to achieve and parse the cookie, we need to use Next.js or a server-side technology.
  • We can use a hybrid auth system like JWT with a cookie in order to get the user creds, permissions, and authorization, and the HTTP-only cookie will be set for the subsequent API requests for that user.
  • A simple solution would be to send a proper response from the signup API, for example user details, a JWT, or session details, which we can retrieve in Create React App or client-side React. Right now the signup API is only sending an accepted response and we are not retrieving any response after hitting the API. Here are the screenshots:
Screenshot 2024-02-08 at 7 54 40 PM Screenshot 2024-02-08 at 7 55 00 PM

@leecalcote
Member

Hey @captain-Akshay , any updates on this issue? Is it still valid?

Yes, indeed, it certainly is.

@leecalcote
Member

The need here isn't with respect as to whether someone has signed up, but whether they have been awarded access to the Playground or not. The cookie for this will come from meshery.layer5.io. While you're digging in here, @Shabab007, please note the sibling issue here - layer5io/layer5#5295. We'll want for these to both be handled in the same way. Both sites use Gatsby and both will need to look for the same cookie/access/token.

@Shabab007

Hi @leecalcote ,
After carefully looking at the issue and the sibling issue, I found that the playground is on a different domain, play.meshery.io, and the cookie we are expecting should come from the meshery.layer5.io domain. Indeed, cookies are typically restricted to the domain from which they were set due to the same-origin policy, a security measure implemented by web browsers. That's why we can't access the cookies from a different domain to toggle off the playground button.

@leecalcote
Member

Maybe, maybe not.

@leecalcote
Member

My money is on the latter.

@prajjwalyd

@leecalcote From what I've understood, the goal here is to show the signup button based on the presence of a cookie that will come from meshery.layer5.io, but we want to access that from https://play.meshery.io/... in this situation, I think @Shabab007's concern is spot on as we can't access cookies between domains without any Centralized Authentication or cross-domain messaging kind of things.
Please correct me if I've misunderstood anything.
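
The cookie-scoping behaviour discussed in this thread, as an added example that is not part of the issue or of the project's code: a simplified model of the browser rules that decide whether a cookie set by meshery.layer5.io is sent to, or readable by script on, play.meshery.io. The cookie name `playground_access` and the header values are constructed; Path, Secure, SameSite, expiry and the public-suffix list are left out.

```javascript
// Simplified model of browser cookie scoping (RFC 6265 sections 5.1.3, 5.3).
// Left out: Path, Secure, SameSite, expiry and the public-suffix list.

// RFC 6265 domain-match: identical, or `host` ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Store a Set-Cookie header received from `originHost`.
// Returns null when the browser would reject the cookie.
function storeCookie(setCookie, originHost) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: originHost.toLowerCase(), hostOnly: true, httpOnly: false };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "httponly") cookie.httpOnly = true;
    if (key.toLowerCase() === "domain" && val) {
      const domain = val.replace(/^\./, "").toLowerCase();
      // A server may only set cookies for its own host or a parent domain.
      if (!domainMatches(originHost, domain)) return null;
      cookie.domain = domain;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for `host`?
function sentTo(cookie, host) {
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Would document.cookie on a page served from `host` include this cookie?
function readableByScript(cookie, host) {
  return sentTo(cookie, host) && !cookie.httpOnly;
}

// Constructed sample: "playground_access" is a placeholder cookie name.
const c = storeCookie("playground_access=1; Path=/; HttpOnly", "meshery.layer5.io");
console.log(sentTo(c, "meshery.layer5.io"), sentTo(c, "play.meshery.io"));
console.log(readableByScript(c, "meshery.layer5.io"));
console.log(storeCookie("playground_access=1; Domain=meshery.io", "meshery.layer5.io"));
```

In this model no `Domain` value that meshery.layer5.io is allowed to set makes the cookie reach play.meshery.io, and `HttpOnly` hides it from page script even on the issuing host.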


stale bot commented Mar 31, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the issue/stale Issue has not had any activity for an extended period of time label Mar 31, 2024

stale bot commented Apr 11, 2024

This issue is being automatically closed due to inactivity. However, you may choose to reopen this issue.

@stale stale bot closed this as completed Apr 11, 2024

4 participants