New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: captcha for invite user flow #31715
Conversation
…o feat/captcha-invite-user
…o feat/captcha-invite-user
WalkthroughWalkthroughThe recent updates primarily focus on integrating Google reCAPTCHA into the user invitation process for enhanced security. This involves modifications across various files to handle the reCAPTCHA token, including adding necessary imports and logic for reCAPTCHA validation during form submission. Furthermore, the Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
/build-deploy-preview skip-tests=true |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8259833023. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
/build-deploy-preview skip-tests=true |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8262374710. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
Failed server tests
|
…horg/appsmith into feat/captcha-invite-user
/build-deploy-preview skip-tests=true |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8263889038. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the PR consists of changes on CE files, which has respective EE files on the EE repo, you will have to take care of those too. Else things won't work as expected on EE.
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8293970042. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
/build-deploy-preview skip-tests=true |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8309461981. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
const recaptchaStatus = useScript( | ||
`https://www.google.com/recaptcha/api.js?render=${googleRecaptchaSiteKey.apiKey}`, | ||
AddScriptTo.HEAD, | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use of the useScript
hook to dynamically load the Google reCAPTCHA script is a good practice for optimizing load times and ensuring the script is only loaded when necessary. However, as previously mentioned, adding error handling or a timeout mechanism could improve resilience and user experience in case the script fails to load or is delayed.
Consider enhancing the useScript
hook to include error handling and a timeout mechanism. This could involve adding state variables to track loading errors and implementing a timeout to handle cases where the script loading is significantly delayed.
const captchaWrappedInviteUsersSubmitHandler = handleSubmit( | ||
async (values: any, dispatch: any) => { | ||
try { | ||
if ( | ||
googleRecaptchaSiteKey.enabled && | ||
recaptchaStatus === ScriptStatus.READY | ||
) { | ||
const token = await window.grecaptcha.execute( | ||
googleRecaptchaSiteKey.apiKey, | ||
{ | ||
action: "submit", | ||
}, | ||
); | ||
|
||
return inviteUsersSubmitHandler(values, dispatch, token); | ||
} else { | ||
return inviteUsersSubmitHandler(values, dispatch); | ||
} | ||
} catch (error) { | ||
log.error(error); | ||
throw error; // This will cause the form submission to fail | ||
} | ||
}, | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The wrapping of the form submission handler with captcha verification logic is well-implemented. It conditionally includes the captcha token based on the reCAPTCHA configuration and script readiness. This approach ensures that the captcha verification step is integrated seamlessly into the form submission process.
However, the error handling in the catch block simply logs the error and rethrows it. While this is sufficient for debugging, it might not provide the best user experience in case of failures.
Consider adding user-friendly error handling in the catch block of the captchaWrappedInviteUsersSubmitHandler
function. This could involve displaying a toast notification or updating the UI to inform the user about the issue, in addition to logging the error for debugging purposes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/build-deploy-preview skip-tests=true |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/8322859726. |
Deploy-Preview-URL: https://ce-31715.dp.appsmith.com |
Description
Add captcha for the invite user flow.
Fixes https://theappsmith.slack.com/archives/CGBPVEJ5C/p1710134091696379
#31789
Automation
/ok-to-test tags="@tag.Workspace"
🔍 Cypress test results
Important
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/8321963367
Commit:
769030f0a3deb09e256c38cba7d6d30a9a80a379
Cypress dashboard url: Click here!
All cypress tests have passed 🎉🎉🎉
Summary by CodeRabbit
Summary by CodeRabbit