Fix/eid app onboarding UX issues

[grv-saini-20]

Description of change

Fixed all the issues from 399 to 402

Issue Number

Closes #399, #400, #401, #402

Type of change

• Update (a change which updates existing functionality)
• Fix (a change which fixes an issue)

How the change has been tested

Manual

Change checklist

• I have ensured that the CI Checks pass locally
• I have removed any unnecessary logic
• My code is well documented
• I have signed my commits
• My code follows the pattern of the application
• I have self reviewed my code

Summary by CodeRabbit

• New Features

  • Registration: improved multi-step PIN setup with a completion drawer and dynamic button behavior.

• Improvements

  • Dynamic button states reflect PIN progress and validation.
  • PIN entry now fully resets visual inputs when cleared.
  • Login PIN clear no longer triggers navigation or external biometric clearing.
  • Settings: closing returns to Settings page after PIN changes.

[coderabbitai]

Walkthrough

Registration, login, PIN input, and settings PIN pages updated: dynamic confirm-button variant and stricter repeat-PIN validation in registration; login clearPin behavior simplified; InputPin auto-resets when cleared; settings PIN update parameter order and navigation changed; package.json newline normalized.

Changes

Cohort / File(s)	Change Summary
Registration — PIN & Biometrics infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte	Adds btnVariant reactive state, transitions firstStep → secondStep when PIN length is 4, global effect syncing btnVariant and isError with PIN fields, expands handleConfirm to validate repeat length and match, calls globalState.securityController.updatePin on success, opens Drawer and wires biometric setup/skip flows; buttons now use dynamic btnVariant.
Login — clearPin & auth side-effects infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte	Simplifies clearPin to only clear local pin and isError (removes securityController.clearPin() call and redirect); other login logic unchanged in this diff.
PIN Input component infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte	Adds reactive effect to reset individual input cells when the computed pin becomes an empty string; existing focus/keyboard navigation preserved.
Settings — PIN update & navigation infrastructure/eid-wallet/src/routes/(app)/settings/pin/+page.svelte	handleClose now uses goto("/settings"); securityController.updatePin call parameter order changed to (newPin, repeatPin, currentPin) instead of (currentPin, newPin).
Metadata infrastructure/control-panel/package.json	Whitespace/newline normalization only (no functional change).

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant Input as InputPin
    participant Reg as Register Page
    participant Sec as SecurityController
    participant Nav as Router

    rect rgba(200,230,255,0.25)
      Note over U,Reg: Registration flow (btnVariant controls Confirm)
      U->>Input: enter digits
      Input->>Reg: update pin
      Reg->>Reg: when pin length == 4 -> firstStep = false, btnVariant = "solid"
      U->>Reg: enter repeatPin
      Reg->>Reg: effect sets btnVariant="solid" only if repeatPin length==4 && match
      U->>Reg: click Confirm
      Reg->>Reg: validate repeat length and match
      alt match
        Reg->>Sec: updatePin(pin, repeatPin, ...)
        Reg->>Reg: open Drawer / biometric setup
        Reg->>Nav: navigate on completion
      else mismatch
        Reg->>U: show error, reset to firstStep
      end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review reactive $: effects around btnVariant, firstStep, and clearing isError for race conditions.
• Verify handleConfirm validation paths and correct arguments for securityController.updatePin.
• Confirm InputPin reset behavior doesn't break focus/navigation.
• Check settings updatePin parameter reordering and goto("/settings") routing.

Possibly related PRs

• fix: reset-pin #417 — Modifies PIN update/confirmation flows and securityController.updatePin usage; strong overlap with settings/register PIN changes.

Suggested reviewers

• coodos
• sosweetham

Poem

🐰
Soft to solid, digits hop and play,
A button waits until the pins obey.
When numbers match the Drawer sings,
Biometrics nod and wiggly whiskers bring
A hop, a click — secure today!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	Changes to login/+page.svelte clearPin function (removing security controller interaction) and settings PIN reordering appear to address different issues but may be beyond the scope of the single linked issue provided for validation.	Clarify whether changes to login clearPin behavior and settings PIN parameter reordering correspond to issues #400, #401, or #402, or document their purpose if they are refactoring changes.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description follows the required template structure with all major sections completed, including issue numbers, type of change, testing method, and checklist.
Linked Issues check	✅ Passed	The code changes in register/+page.svelte correctly implement button state management: btnVariant becomes 'solid' only when pin length is 4 in first step, and when both pins match in second step, directly addressing issue #399's requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title 'Fix/eid app onboarding UX issues' is directly related to the main changes, which focus on fixing UX issues in the PIN registration and login flows of the eID wallet app.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/app-issues

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (1)

107-112: Incorrect error message for first PIN entry.

The error message "Your PIN does not match, try again." on line 111 doesn't make sense on the first step where the user hasn't entered a confirmation PIN yet. The error condition checks isError && pin.length === 0, which could occur if the user returns from the confirmation step with an error.

Consider separate error states for each step, or adjust the error message to be context-appropriate:

-                Your PIN does not match, try again.
+                Please enter a 4-digit PIN.

Or better yet, handle error states separately for each step so the confirmation step error doesn't leak back to the first step.

🧹 Nitpick comments (4)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (4)

23-27: Avoid comma operator for side effects.

The comma operator on line 25 reduces readability. Use separate statements or a block.

Apply this diff:

     const handleFirstStep = async () => {
         if (pin.length === 4) {
-            (firstStep = false), (btnVariant = "solid");
+            firstStep = false;
+            btnVariant = "solid";
         }
     };

---

48-51: Consider bidirectional error state management.

The effect clears the error when PINs match, but doesn't set it back to true if the user subsequently modifies one PIN to break the match. This may be intentional for UX, but consider whether you want real-time validation feedback.

---

57-58: Remove debug console.log.

The console.log on line 58 should be removed before production deployment.

Apply this diff:

         isBiometricsAvailable = (await checkStatus()).isAvailable;
-        console.log("isBiometricsAvailable", isBiometricsAvailable);

---

31-46: Remove redundant placeholder comments.

The comments on lines 32, 37, and 44 suggest placeholder code, but the actual logic is already implemented. These comments should be removed.

Apply this diff:

     const handleNext = async () => {
-        //handle next logic goes here
         isBiometricScreen = true;
     };
 
     const handleSkip = async () => {
-        // handle skip biometrics logic goes here
         goto("/review");
     };
 
     let handleSetupBiometrics = $state(async () => {});
 
     const handleBiometricsAdded = async () => {
-        //handle logic when biometrics added successfully
         goto("/review");
     };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f41b17 and 0145b00.

📒 Files selected for processing (1)

• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1)

132-149: Fix duplicate IDs to restore focusOnMount.

Every <input> gets the same id={uniqueId}, but onMount still looks for document.getElementById("pin0"). The result is an invalid DOM (duplicate IDs) and the initial focus never lands on the first field, so focusOnMount no longer works. Please give each slot a deterministic ID (e.g. pin${i} or ${uniqueId}-${i}) and update the focus logic to match.

-                    id={uniqueId}
+                    id={`pin${i}`}
...
-        document.getElementById("pin0")?.focus();
+        document.getElementById("pin0")?.focus();

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0145b00 and 21b019d.

📒 Files selected for processing (4)

• infrastructure/control-panel/package.json (1 hunks)
• infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• infrastructure/control-panel/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: lint
• GitHub Check: build

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (1)

127-132: Confusing error condition related to the firstStep bug.

The error display condition isError && pin.length === 0 (lines 127 and 129) seems problematic:

1. When a PIN mismatch occurs, isError is set to true and firstStep is reset to true (line 83)
2. The user returns to the first step, but their pin is not cleared, so pin.length is still 4
3. The error message won't display because pin.length === 0 is false

This creates a confusing state where the user is sent back to the first step due to an error, but no error message is shown.

This issue will be resolved when line 83's firstStep = true is removed (as flagged in the previous comment). The user will stay on the second step where the error message is properly displayed.

♻️ Duplicate comments (3)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (3)

36-39: Fix typo in comment.

Line 37: "biometics" should be "biometrics".

Apply this diff:

     const handleSkip = async () => {
-        // handle skip biometics logic goes here
+        // handle skip biometrics logic goes here
         goto("/review");
     };

---

75-95: Critical UX issue: Don't reset to first step on PIN mismatch (past issue still present).

Line 83 sets firstStep = true when PINs don't match, forcing the user to re-enter the initial PIN from scratch. This is frustrating UX—the user should remain on the confirmation screen and only re-enter the repeatPin.

Apply this diff:

             if (pin !== repeatPin) {
                 isError = true;
-                firstStep = true;
+                repeatPin = "";
                 return;
             }

Note: The error handling with try-catch (lines 88-94) correctly addresses a previous review concern.

---

97-112: Critical: Logic bug sets biometrics flag when unavailable (past issue still present).

Line 111 sets isBiometricsAdded = true outside the if (isBiometricsAvailable) block. This means even when biometrics are unavailable or setup fails, the flag is set to true, causing the UI on line 208-212 to incorrectly display "You're all set! Your biometrics have been successfully added."

Apply this diff:

         handleSetupBiometrics = async () => {
             if (!globalState)
                 throw new Error(
                     "Cannot set biometric support, Global state is not defined",
                 );
             if (isBiometricsAvailable) {
                 try {
                     globalState.securityController.biometricSupport = true;
+                    isBiometricsAdded = true;
                 } catch (error) {
                     console.error("Failed to enable biometric support:", error);
                     // Consider showing an error message to the user
                     return;
                 }
             }
-            isBiometricsAdded = true;
         };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0145b00 and e0cc594.

📒 Files selected for processing (4)

• infrastructure/control-panel/package.json (1 hunks)
• infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• infrastructure/control-panel/package.json

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-04-24T05:54:12.858Z

Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte

🔇 Additional comments (9)

infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (3)

1-10: LGTM! Good use of constants for keyboard keys.

The imports are appropriate and the KEYBOARD constant is a good practice for avoiding magic strings in keyboard event handling.

---

46-50: LGTM! PIN reset effect supports the fix for issue #399.

This effect correctly resets all PIN input fields when the PIN is cleared externally (e.g., via the "Clear PIN" button). The effect chain is safe from infinite loops since the condition guards against repeated triggers.

---

64-104: LGTM! Comprehensive keyboard navigation implementation.

The keyboard handling correctly implements:

• Backspace/delete behavior (clear current, then move back)
• Auto-advance on numeric input
• Arrow key navigation between fields

All actions properly use preventDefault() and focus management is sound.

infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (3)

35-48: LGTM! Good defensive initialization.

The globalState validation with early return and error logging is a good practice. The pending deep link detection provides useful context for the user.

---

99-103: Verify effect placement and timing concerns.

Defining a $effect inside onMount is unconventional. The comment suggests a timing dependency with biometric initialization, but this approach may cause unexpected behavior:

1. The effect won't exist until after mount completes
2. If PIN changes during mount (before effect is registered), those changes won't trigger the handler
3. The dependency on initialization order suggests fragile coupling

Consider:

1. Moving the effect outside onMount if it should always be active
2. Adding explicit guards in handlePinInput to handle the biometric initialization state
3. Documenting why this specific ordering is required

Can you verify this implementation doesn't cause race conditions during initialization?

---

105-148: LGTM! Biometric authentication flow is well-structured.

The biometric check correctly verifies support and availability before attempting authentication. Error handling is present, and the fallback to PIN entry works as expected. The duplicated deep link handling was already flagged in a previous comment.

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (3)

23-27: LGTM! Button variant state is now properly used.

The btnVariant state is correctly integrated into the template (lines 136 and 155), resolving the previous issue about unused state.

---

48-66: LGTM! Button state management correctly fixes issue #399.

These effects properly implement the requirement from issue #399:

• The "Confirm" button starts in the "soft" (disabled) state
• It becomes "solid" (enabled) only when a valid 4-digit PIN is entered
• On the re-enter screen, the button is enabled only when the PINs match

This ensures the button is disabled on initial navigation and while no valid data is entered.

---

154-158: LGTM! Confirmation button properly uses variant state.

The confirm button on the re-enter step correctly uses btnVariant to control its enabled state, ensuring it's only enabled when the PINs match. This implements the fix for issue #399.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (3)

37-37: Fix typo in comment.

"biometics" should be "biometrics".

Apply this diff:

-    // handle skip biometics logic goes here
+    // handle skip biometrics logic goes here

---

97-112: Critical: Logic bug sets biometrics flag when unavailable.

Line 111 sets isBiometricsAdded = true outside the if (isBiometricsAvailable) block. If biometrics are unavailable, the flag is still set to true, causing the UI on line 208 to incorrectly display "You're all set! Your biometrics have been successfully added."

Apply this diff:

     handleSetupBiometrics = async () => {
         if (!globalState)
             throw new Error(
                 "Cannot set biometric support, Global state is not defined",
             );
         if (isBiometricsAvailable) {
             try {
                 globalState.securityController.biometricSupport = true;
+                isBiometricsAdded = true;
             } catch (error) {
                 console.error("Failed to enable biometric support:", error);
                 // Consider showing an error message to the user
                 return;
             }
         }
-        isBiometricsAdded = true;
     };

---

81-85: Don't reset to first step on PIN mismatch.

When the confirmation PIN doesn't match, line 83 sets firstStep = true, sending the user back to the initial PIN entry screen. The user should remain on the confirmation screen and re-enter only the repeatPin.

Apply this diff:

         if (pin !== repeatPin) {
             isError = true;
-            firstStep = true;
+            repeatPin = "";
             return;
         }

🧹 Nitpick comments (1)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (1)

23-27: Simplify: Remove redundant assignment and comma operator.

The comma operator on line 25 is valid but reduces readability. Additionally, setting btnVariant = "solid" is redundant since the $effect block on lines 53-66 already manages btnVariant reactively.

Apply this diff:

 const handleFirstStep = async () => {
     if (pin.length === 4) {
-        (firstStep = false), (btnVariant = "solid");
+        firstStep = false;
     }
 };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e0cc594 and 4d34af2.

📒 Files selected for processing (2)

• infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (5 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-04-24T05:54:12.858Z

Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (3)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2)

19-19: Good: Previously unused state is now wired.

The btnVariant state is now properly used in the template on lines 136 and 155, addressing the previous review feedback.

---

88-94: Good: Error handling added for PIN update.

The try-catch block properly handles failures from updatePin, prevents the success drawer from showing on error, and logs the error for debugging. This addresses previous review feedback.

infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1)

46-50: No reactive loop issue found—code design is intentional.

After examining the InputPin component and parent usages:

1. The first effect (pin = calcPin(pins)) and second effect (reset pins when pin === "") don't create an infinite loop. Svelte 5's $effect dependency system only triggers effects when dependencies change. When the second effect resets pins, the first effect runs and recalculates pin as "" (since all pins[key] are now ""), but this doesn't retrigger the second effect because pin is already "".

2. The reset logic is intentionally used by parent components—the login page explicitly sets pin = "" to clear the input, which cascades to reset individual pin slots. This is the expected behavior.

3. Initial state handling is correct: the component initializes via onMount, and the bound pin value defaults to "".

The implementation is sound.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (4)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (4)

37-39: Fix typo in comment.

"biometics" should be "biometrics".

Apply this diff:

 const handleSkip = async () => {
-    // handle skip biometics logic goes here
+    // handle skip biometrics logic goes here
     goto("/review");
 };

---

98-113: Critical: Biometrics flag incorrectly set when unavailable.

Line 112 sets isBiometricsAdded = true unconditionally, even when isBiometricsAvailable is false. This causes the UI to incorrectly display "You're all set! Your biometrics have been successfully added" when biometrics were never enabled.

Apply this diff:

     handleSetupBiometrics = async () => {
         if (!globalState)
             throw new Error(
                 "Cannot set biometric support, Global state is not defined",
             );
         if (isBiometricsAvailable) {
             try {
                 globalState.securityController.biometricSupport = true;
+                isBiometricsAdded = true;
             } catch (error) {
                 console.error("Failed to enable biometric support:", error);
                 // Consider showing an error message to the user
                 return;
             }
         }
-        isBiometricsAdded = true;
     };

---

82-86: Major: Don't reset to first step on PIN mismatch.

Setting firstStep = true on line 84 forces the user to re-enter both PINs from scratch when confirmation fails. Standard UX keeps the user on the confirmation screen to re-enter only repeatPin.

Apply this diff:

         if (pin !== repeatPin) {
             isError = true;
-            firstStep = true;
+            repeatPin = "";
             return;
         }

---

135-141: Major: Buttons must be disabled, not just styled differently.

PR objective #399 requires: "Ensure the 'Confirm' button is disabled when navigating to the 'Re-enter your PIN' screen."

The current implementation only changes visual appearance via variant (soft/solid) but doesn't actually disable the buttons. Users can still click the "soft" variant button, triggering validation errors. The ButtonAction component supports a disabled prop (line 223).

Apply this diff to properly disable the buttons:

 <ButtonAction
     class="w-full"
     variant={btnVariant}
+    disabled={pin.length !== 4}
     callback={handleFirstStep}
 >
     Confirm
 </ButtonAction>

And for the second step:

 <ButtonAction
     variant={btnVariant}
     class="w-full"
+    disabled={!(repeatPin.length === 4 && pin === repeatPin)}
     callback={handleConfirm}>Confirm</ButtonAction
 >

Also applies to: 155-159

🧹 Nitpick comments (2)

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2)

23-28: Redundant btnVariant assignment.

Setting btnVariant = "solid" on line 26 duplicates the logic in the $effect (lines 54-67), which already manages btnVariant reactively based on firstStep and pin.length. Remove this redundant assignment to avoid multiple sources of truth.

Apply this diff:

 const handleFirstStep = async () => {
     if (pin.length === 4) {
         firstStep = false;
-        btnVariant = "solid";
     }
 };

---

54-67: Approve reactive variant management, but note duplication.

The $effect correctly synchronizes btnVariant with PIN state. However, line 62 (isError = false) duplicates the logic in the earlier $effect (lines 49-52). Consider consolidating into a single reactive statement.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d34af2 and 52ef936.

📒 Files selected for processing (4)

• infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(app)/settings/pin/+page.svelte (3 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1 hunks)
• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-04-24T05:54:12.858Z

Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

• infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: lint
• GitHub Check: build

🔇 Additional comments (4)

infrastructure/eid-wallet/src/lib/ui/InputPin/InputPin.svelte (1)

46-52: LGTM! Auto-reset enhances UX.

The reactive effect correctly clears all PIN entries when the computed PIN becomes empty, supporting seamless reset flows across registration, login, and settings screens.

infrastructure/eid-wallet/src/routes/(app)/settings/pin/+page.svelte (2)

17-21: LGTM! Navigation improvement.

Adding goto("/settings") appropriately returns the user to the settings page after closing the drawer.

---

35-39: No action required—signature supports both call patterns correctly.

The updatePin method signature at line 116 of security.ts defines oldPin as an optional parameter: async updatePin(newPin: string, confirmPin: string, oldPin?: string). This design correctly supports both use cases: registration without an existing PIN (2 parameters) and settings with PIN update (3 parameters). The implementation validates the old PIN only when needed, making the inconsistency in call patterns expected and correct.

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (1)

88-95: LGTM! Error handling added.

The try-catch block properly handles updatePin failures, preventing the success drawer from displaying on errors.