-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alert about backing up Robot Tokens #123
Comments
Hey @ibertario, Indeed, this is a must. And you detailed a very nice way to implement it. I was also wondering how to alert users of their Token not being backed up without being annoying. I think we can track whether users have already copied the token. We can use a variable When the user clicks "Create Order" or "Take Order" and It is a little bit more complex implementation. But with this implementation, users who have already copied the token don't get annoying pop ups. What do you think? It is also worth researching how to store the token into cookies in a safe way (just as the active session cookie is stored). That way if the robot has an active session the token must still be available. It will simplify a lot the design. |
Copied ≠ Saved We can't be sure if after copying the Token the Robot stored it in a safe place. The Robot can have it copied in a temp way not reliable or forgot to back up properly.
The problem here is that in temporary / Tor Browser environments we can't trust cookies. Reset identity, forced close by device, inadvertently close by the Robot, reset, battery shutdown, energy issue... There are multiple scenarios in which cookies will disappear. BUT an alternative can be allow the Robot to download a tiny file with the Token, where the filename is the Robot's name (and maybe the date). |
How about a "I saved my token, don't warn me" check-button on the usergen page next to the copy button? |
That's an addition, because the user can start a trade without that check marked. |
Yes, very true. However, the idea is that by storing the token in cookies instead of the react app state this cannot happen anymore. ⬇️ It will be impossible to have an active session if the browser does not know your token. That means as long as your session is active, you can still back up, most importantly: less UI to create for this feature :D Storing the robot token into cookies is, in any case, needed for other features such as using multiple robots simultaneously. See #68 (comment)
True.. 🤔 Where will you put the download button without increasing the entropy of the UserGen page? I think that with minimum impact to the UI ( no new checkbox or download buttons), we can simply track in a non invasive way whether the user has moved the token to their clipboard. It is strictly better than the current approach and does not increase cluttering. In the meantime we explore the download token functionality for a future PR. I personally do not like dealing with downloaded .txt files on a mobile phone. Forcing users to tap the download button or get one extra pop up introduces hassle, specially for those who know how to copy/paste effectively. However, this might be the only way to ensure the user did back up the token permanently ;) (Do we need to ensure that... ? :D ) |
Both alerts (for makers and takers) are already implemented as described by @ibertario . It is also tougher now to lose the token by the browser. The alerts won't show if they user has copied the token previously. |
This a good way to improve Token session persistence.
Think about all type of users with this. Instead of the "copy" button, some users (like me) prefer double click/select the Token text directly and copy it, or (in paranoid mode) copy some characters from the middle and then the other side. I'm against to check if the copy button was used (and assume that the user copied it later!)
Tested and work PERFECT! This is the best workaround IMO.
I close this issue, and if you want create a new one to track that download token functionality. |
Yes please! It needs a bit of thinking... how to implement a download button without adding more elements... |
This can reduce support request where Robots didn't backed up their Tokens.
Before creating or taking an order, alert the Robot to back up their Token. If you use a modal window you can show also the Token:
CAUTION: Backing up your Token is extremely important before starting a trade.
I DID
This is more important when the Token goes away if the browser elements refresh, because the Robot's session remains active. In that case you can add a conditional comment with a link to the Home:
If you didn't, GENERATE A NEW ROBOT before continuing.
I DID
The text was updated successfully, but these errors were encountered: