Instead of twisting `AuthBody`, this adds a new component for the different
styling of post-auth security flows. This also makes them fixed width and
adjusts padding to match designs.
This adds a step after login to complete security for your new session. At the
moment, the only verification method is entering your SSSS passphrase, but nicer
paths will be added soon.
This new step only appears when crypto is available and the account has
cross-signing enabled in SSSS.
Fixes https://github.com/vector-im/riot-web/issues/11214
We use `export default` begrudgingly here. Ideally we'd use just `export`, though this entire SDK expects things to be exported as a default. Instead of breaking everything, we'll sacrifice our export pattern for a smaller diff - a later commit can always do the default export -> regular export conversion.
With a switch to Only One Webpack™ we need a way to help developers generate the component index without a concurrent watch task. The best way to do this is to have developers import their components, but how do they do that when we support skins? The answer in this commit is to change skinning.
Skinning now expects to receive your list of overrides instead of the react-sdk+branded components. For Riot this means we send over *only* the Vector components and not Vector+react-sdk.
Components can then be annotated with the `replaceComponent` decorator to have them be skinnable. The decorator must take a string with the dot path of the component because we can't reliably calculate it ourselves, sadly.
The decorator does a call to `getComponent` which is where the important part of the branded components not including the react-sdk is important: if the branded app includes the react-sdk then the decorator gets executed before the skin has finished loading, leading to all kinds of fun errors. This is also why the skinner lazily loads the react-sdk components to avoid importing them too early, breaking the app.
The decorator will end up receiving null for a component because of the getComponent loop mentioned: the require() call is still in progress when the decorator is called, therefore we can't error out. All usages of getComponent() within the app are safe to not need such an error (the return won't be null, and developers shouldn't use getComponent() after this commit anyways).
The AuthPage, being a prominent component, has been converted to demonstrate this working. Changes to riot-web are required to have this work.
The reskindex script has also been altered to reflect these skinning changes - it no longer should set the react-sdk as a parent. The eventual end goal is to get rid of `getComponent()` entirely as it'll be easily replaced by imports.
This fixes the login page to be more helpful when the current homeserver is
unreachable: it reveals the server change field, so you have some chance to
progress forward.
Fixes https://github.com/vector-im/riot-web/issues/11077
If discovery results in a warning for the identity server (as in can't be found
or is malformed), this allows you to continue signing in and shows the warning
above the form.
Fixes https://github.com/vector-im/riot-web/issues/11102
This hides the identity server at first from the custom server auth flows. For
the flows that may need an IS if the HS requires it (registration, password
reset), we then check with the HS before proceeding further and reveal the IS
field if it is in fact needed.
Fixes https://github.com/vector-im/riot-web/issues/10553
This disables 3PID binding at registration time, so users won't be discoverable
by 3PID by default. Instead, new discovery controls in settings allow you to
opt-in.
Fixes https://github.com/vector-im/riot-web/issues/10424
If guest access was enabled, clicking the login link on the 'registration
completed' page would just load the guest account you had before registering.
Fixes https://github.com/vector-im/riot-web/issues/10482
Fixes https://github.com/vector-im/riot-web/issues/10017
Specifically the `return` at the end of the diff fixes the problem, but it seems worthwhile to check for liveliness when we know the server has been dead in previous attempts.
