This adds a step after login to complete security for your new session. At the
moment, the only verification method is entering your SSSS passphrase, but nicer
paths will be added soon.
This new step only appears when crypto is available and the account has
cross-signing enabled in SSSS.
Fixes https://github.com/vector-im/riot-web/issues/11214
We use `export default` begrudgingly here. Ideally we'd use just `export`, though this entire SDK expects things to be exported as a default. Instead of breaking everything, we'll sacrifice our export pattern for a smaller diff - a later commit can always do the default export -> regular export conversion.
With a switch to Only One Webpack™ we need a way to help developers generate the component index without a concurrent watch task. The best way to do this is to have developers import their components, but how do they do that when we support skins? The answer in this commit is to change skinning.
Skinning now expects to receive your list of overrides instead of the react-sdk+branded components. For Riot this means we send over *only* the Vector components and not Vector+react-sdk.
Components can then be annotated with the `replaceComponent` decorator to have them be skinnable. The decorator must take a string with the dot path of the component because we can't reliably calculate it ourselves, sadly.
The decorator does a call to `getComponent` which is where the important part of the branded components not including the react-sdk is important: if the branded app includes the react-sdk then the decorator gets executed before the skin has finished loading, leading to all kinds of fun errors. This is also why the skinner lazily loads the react-sdk components to avoid importing them too early, breaking the app.
The decorator will end up receiving null for a component because of the getComponent loop mentioned: the require() call is still in progress when the decorator is called, therefore we can't error out. All usages of getComponent() within the app are safe to not need such an error (the return won't be null, and developers shouldn't use getComponent() after this commit anyways).
The AuthPage, being a prominent component, has been converted to demonstrate this working. Changes to riot-web are required to have this work.
The reskindex script has also been altered to reflect these skinning changes - it no longer should set the react-sdk as a parent. The eventual end goal is to get rid of `getComponent()` entirely as it'll be easily replaced by imports.
This fixes the login page to be more helpful when the current homeserver is
unreachable: it reveals the server change field, so you have some chance to
progress forward.
Fixes https://github.com/vector-im/riot-web/issues/11077
If discovery results in a warning for the identity server (as in can't be found
or is malformed), this allows you to continue signing in and shows the warning
above the form.
Fixes https://github.com/vector-im/riot-web/issues/11102
This hides the identity server at first from the custom server auth flows. For
the flows that may need an IS if the HS requires it (registration, password
reset), we then check with the HS before proceeding further and reveal the IS
field if it is in fact needed.
Fixes https://github.com/vector-im/riot-web/issues/10553
This disables 3PID binding at registration time, so users won't be discoverable
by 3PID by default. Instead, new discovery controls in settings allow you to
opt-in.
Fixes https://github.com/vector-im/riot-web/issues/10424
If guest access was enabled, clicking the login link on the 'registration
completed' page would just load the guest account you had before registering.
Fixes https://github.com/vector-im/riot-web/issues/10482
Fixes https://github.com/vector-im/riot-web/issues/10017
Specifically the `return` at the end of the diff fixes the problem, but it seems worthwhile to check for liveliness when we know the server has been dead in previous attempts.
Fixes https://github.com/vector-im/riot-web/issues/10235
CSS and copy are left as an exercise for a later iteration.
Login page handling is left for https://github.com/vector-im/riot-web/issues/10236
This implementation reuses as much of the Lifecycle flow as it can without causing problems. Most importantly, it requires https://github.com/matrix-org/matrix-js-sdk/pull/975 to be able to detect a soft logout and react to it. When it comes time to starting/stopping the Lifecycle, additional parameters are provided so that the auxiliary services can (re)start themselves without the client starting to sync.
https://github.com/matrix-org/matrix-react-sdk/pull/3101 meant we
don't get logged straight in after registering if using an email
address, but this was the point at which we made a chat with the
welcome user. Instead, set a flag in memory that we should try &
make a chat with the welcome user for that user ID if we get a
session for them.
Of course, if the user logs in on both tabs, this would mean each
would make a chat with the welcome user (although actually this
was a problem with the old code too). Check our m.direct to see if
we've started a chat with the welcome user before making one (which
also means we have to make sure the cached sync is up to date...
see comments).
You now don't get automatically logged in after finishing
registration. This makes a whole class of failures involving race
conditions and multiple devices impossible.
https://github.com/vector-im/riot-web/issues/9586
This always clear the login busy state after .well-known discovery without
waiting for the resulting server config. This is important for the case where
the HS that a full MXID resolves to matches the default HS, as without it we'd
be stuck in a busy state forever.
Fixes https://github.com/vector-im/riot-web/issues/10014
This performs liveliness checks on the auth pages to try and show a friendlier error. Earlier checks in the app startup are expected to not block the app from loading on such failures.
See https://github.com/vector-im/riot-web/issues/9828
We previously sent it in componentWillMount of the email token
auth component which definitely gets us on react's naughtly list.
We now pass the js-sdk a callback it can call at the appropriate
time to send the token (https://github.com/matrix-org/matrix-js-sdk/pull/926).
We should make password reset and adding email addresses work the
same way, but currently they don't even use the interactive-auth
helpers(!) so they're unaffected.
https://github.com/vector-im/riot-web/issues/9586
If you were in the username field and simply tabbed out without entering anything, the form would become "busy" and not let you submit. We should only be doing this if we have work to do, like .well-known discovery of the homeserver.
Very similar to password resets and registration, the components pass around a server config for usage by other components. Login is a bit more complicated and needs a few more changes to pull the logic out to a more generic layer.
Now that we have a fancier password complexity check, remove the older minimum
length to avoid the feeling of two password style guides fighting each other.
In addition to migrating password fields, this also removes the remaining
support for old-style validation in registration now that all checks have been
converted.
When submitting a form, we want to validate more strictly to check for empty
values that might be required. A separate mode is used since we want to ignore
this issue when visiting a field one by one to enter data.
As an example, we convert the pre-existing logic for the username requirement
using this new support.
The Forgot Password screen wasn't checking the default server name for a value
before showing it, leading to a possible "Your Matrix account on <blank>"
message.
Fixes https://github.com/vector-im/riot-web/issues/9507
The initial phase of registration can differ by the default server type. In
particular, the Matrix.org HS type wants to skip to the registration form.
Fixes https://github.com/vector-im/riot-web/issues/8862
If Riot has been configured with a `default_hs_url` (or `default_server_name`,
which then sets a default HS URL), then skip the server details on registration
by default.
Fixes https://github.com/vector-im/riot-web/issues/8840
This passes the validity state of all fields to the consumer of
`RegistrationForm` via the `onValdiationChange` callback, instead of just the
most recent error.
In addition, we notify the consumer for any validation change, whether success
or failure. This allows old validation messages to be properly cleared. It also
allows the consumer to be aware of multiple validation errors and display the
next one after you have fixed the first.
Fixes https://github.com/vector-im/riot-web/issues/8769
Now that auth flows can show a server name like `example.com` which might
delegate the HS to some other server, it could be confusing to see text like
"Sign in to example.com", especially if `example.com` runs an identity service,
uses SSO, has its own account system, or other things like this.
To clarify that we mean Matrix accounts, all auth flows are updated to talk in
terms of "<verb> your Matrix account on <server>".
Fixes part of
https://github.com/vector-im/riot-web/issues/8763#issuecomment-464823909.
If a default server name is set and the current HS URL is the default HS URL,
we'll display that name in the "your account" text on the forgot password form.
This can be a bit more user friendly, especially when the HS is delegated to
somewhere such as Modular, since you'll then see "example.com" instead of
"example.modular.im", which you have no direct relationship with as a user.
This is the key bit of https://github.com/vector-im/riot-web/issues/8763 for
forgot password.
If a default server name is set and the current HS URL is the default HS URL,
we'll display that name in the "sign in to" text on the login form.
This can be a bit more user friendly, especially when the HS is delegated to
somewhere such as Modular, since you'll then see "example.com" instead of
"example.modular.im", which you have no direct relationship with as a user.
This is the key bit of https://github.com/vector-im/riot-web/issues/8763 for
login.
If a default server name is set and the current HS URL is the default HS URL,
we'll display that name in the "your account" text on the registration form.
This can be a bit more user friendly, especially when the HS is delegated to
somewhere such as Modular, since you'll then see "example.com" instead of
"example.modular.im", which you have no direct relationship with as a user.
This is the key bit of https://github.com/vector-im/riot-web/issues/8763 for
registration.
`ServerTypeSelector` would call its `onChange` prop both at construction
(because it computed the default selected type and consumers might want to know)
as well as on actual user change. This ended up complicating consumer code, as
they want to differentiate between initial state and changes made by the user.
To simplify things, `ServerTypeSelector` now exports a function to compute the
server type from HS URL, which can be useful for setting its initially selected
type. The consumer now provides that type via a prop, and `onChange` is now only
called for actual user changes, simplifying the logic in `Registration` which
uses `ServerTypeSelector`.
In addition, some usages of `customHsUrl` vs. `defaultHsUrl` in `Registration`
are simplified to be `customHsUrl` only (since it already includes a fallback to
the default URL in `MatrixChat`).
We weren't correctly jumping into the appropriate bit of the registration
flow when coming in from an email link.
* If we have client secret / sessionId, go straight to registration phase
* Don't reset server URLs when the server type component tells us its
initial value
* Confusingly, pass the custom server URL as 'default server URL' to
the custom server type, as this is what we want the inital section
to be based on.
Fixes https://github.com/vector-im/riot-web/issues/8490