HTML5/D3: No notification when trying to make changes without being authenticated

[zonak]

The UI has no notifications if a user tried to make changes but is not authenticated. I think that this should be explained in some sort of a message that would instruct the user to logon first.

[aallan]

This is getting picked up in the Google+ community a fair bit, and it's leading to a lot of misunderstandings. We should probably move this up the queue.

[webchickbot]

I suggest one of our standard error message treatments - here is suggested wording. Looping in @ae9f

<span id="hard-hat-area">
<p>Please Login</p>
<p">You are trying to make changes but are not logged in.<br />Please login to authenticate and continue editing.</p>
</span>

[aallan]

Interesting. This does of course also show up when trying to add authentication information for the Koubiachi, and presumably other, things, see for instance issue 57.

[aallan]

I've tagged this with a V1.3 milestone as I really think we need to get this sorted for the next release.

[ae9f]

I'd like to recreate this to inspect for errors sent by the steward (although I am not RPi equipped here, if that's an issue). How do I load the client without being authenticated (other than through 8887)? As of a recent update, all steward errors received through both sockets should be displayed in the client. (BTW, I have next to no internet access until 29 Nov. afternoon PST at best.)

[aallan]

If you access the steward from a remote machine, rather than from localhost, at https://steward.local:8888 you'll end up with read-only access rather than read/write access.

[ae9f]

Authentication warnings can occur when first loading the home page on port 8888. If you dismiss the warning and drilldown to change something, you'll get another authentication warning at that point. I believe the current solution addresses the issue.

[aallan]

Sorry Danny, but I'm reopening this… I disagree.

Firstly that's not my experience. When going to the d3 client at https://127.0.0.1:8888 I'm always prompted for a user and OTP—as a side effect of this address being used by TAAS—so wouldn't see these messages. However when I go to the client via https://steward.local:8888, in other words when I'm running the steward on the Raspberry Pi and I'm connecting via the LAN, I've never seen any such initial authentication warning, and when I drill down and change something in read-only mode in those instances I also don't see any further warnings.

Additionally, even if these warnings do occur for others—and if so, we should probably figure out why am I not seeing them—behind the "Do you, or will you, support X" question, this is the most talked about item in the Google+ Community. There are four, possibly five, separate threads on this topic now.

Also see issue #57, there are no messages when adding additional API or login information about a thing, e.g. a Koubiachi plant sensor, in read-only mode. The addition of the thing to the database just fails silently.

@mrose17 …what's been your experience here?

[mrose17]

My environment is too constrained to see the issue... Why don't I send Danny a pre-configured RPi and he can duplicate the problem???

[ae9f]

Alasdair, pls check the latest on your RPi setup (and elsewhere as needed). All https access should now be going through authentication (as the gods intended).

[aallan]

Latest build seems to now request a login on initial entry to https://steward.local:8888 so I think we're good. Thanks Danny!