feat(clerk-js, types): Trigger UserVerification within UserProfile#4127
Conversation
🦋 Changeset detectedLatest commit: f7dad10 The changes in this PR will be included in the next version bump. This PR includes changesets to release 18 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…ation-for-sensitive-actions-in
…ation-for-sensitive-actions-in # Conflicts: # packages/clerk-js/src/core/resources/Session.ts
| { wrapper }, | ||
| ); | ||
| await userEvent.click(getByRole('button', { name: 'Add a passkey' })); | ||
| getByRole('button', { name: 'Add a passkey' }); |
There was a problem hiding this comment.
🧹 We were not doing anything after the click.
…ation-for-sensitive-actions-in
panteliselef
changed the title
panteliselef
changed the title
panteliselef
changed the title
…ation-for-sensitive-actions-in
|
!preview |
1 similar comment
|
!preview |
| options?: { | ||
| notify?: boolean; | ||
| }, |
There was a problem hiding this comment.
This is only internal
| metadata, | ||
| }, | ||
| } as AssuranceHint; |
There was a problem hiding this comment.
Why not add the metadata to the AssuranceHint, then you don't need to typecast
There was a problem hiding this comment.
I may end up changing this in a followup iteration.
|
!snapshot |
|
Hey @panteliselef - the snapshot version command generated the following package versions:
Tip: Use the snippet copy button below to quickly install the required packages. npm i @clerk/astro@1.3.9-snapshot.vbe1abf5 --save-exact
npm i @clerk/backend@1.13.5-snapshot.vbe1abf5 --save-exact
npm i @clerk/chrome-extension@1.3.11-snapshot.vbe1abf5 --save-exact
npm i @clerk/clerk-js@5.24.0-snapshot.vbe1abf5 --save-exact
npm i @clerk/elements@0.15.7-snapshot.vbe1abf5 --save-exact
npm i @clerk/clerk-expo@2.2.17-snapshot.vbe1abf5 --save-exact
npm i @clerk/express@1.0.2-snapshot.vbe1abf5 --save-exact
npm i @clerk/fastify@1.0.48-snapshot.vbe1abf5 --save-exact
npm i @clerk/localizations@3.1.0-snapshot.vbe1abf5 --save-exact
npm i @clerk/nextjs@5.6.3-snapshot.vbe1abf5 --save-exact
npm i @clerk/clerk-react@5.9.4-snapshot.vbe1abf5 --save-exact
npm i @clerk/remix@4.2.32-snapshot.vbe1abf5 --save-exact
npm i @clerk/clerk-sdk-node@5.0.45-snapshot.vbe1abf5 --save-exact
npm i @clerk/shared@2.8.4-snapshot.vbe1abf5 --save-exact
npm i @clerk/tanstack-start@0.4.8-snapshot.vbe1abf5 --save-exact
npm i @clerk/testing@1.3.6-snapshot.vbe1abf5 --save-exact
npm i @clerk/themes@2.1.33-snapshot.vbe1abf5 --save-exact
npm i @clerk/types@4.23.0-snapshot.vbe1abf5 --save-exact |
| {showPhone && <PhoneSection shouldAllowCreation={shouldAllowIdentificationCreation} />} | ||
| {showConnectedAccounts && <ConnectedAccountsSection shouldAllowCreation={shouldAllowIdentificationCreation} />} | ||
|
|
||
| {/*TODO-STEP-UP: Verify that these work as expected*/} |
There was a problem hiding this comment.
Are these verified they work? 😄
There was a problem hiding this comment.
Yes, although thorough testing will still need to be done. E2E tests will also be introduced before this goes to public beta
| return session.revoke().finally(() => status.setIdle()); | ||
| return ( | ||
| handleAssurance(() => session.revoke()) | ||
| // TODO-STEPUP: Properly handler the response with a setCardError |
There was a problem hiding this comment.
@panteliselef is this to-do for later or it's forgotten?
There was a problem hiding this comment.
Actually this is not step-up specific, just something that i discovered (for later)
| if (afterVerificationUrl) { | ||
| await navigate(afterVerificationUrl); | ||
| } | ||
| throw 'afterVerification is only triggered in modals'; |
There was a problem hiding this comment.
This should never happen, right? We don't expect it to ever happen (?)
There was a problem hiding this comment.
Correct, a follow up PR will remove UserVerification as mounted component
| | Operation | Reverification | Strategy | Timeframe | | ||
| | --- |----------------| --- | --- | | ||
| | Update account (first/last name) | ❌ | | | | ||
| | Update username | ✅ | Strongest available | 10m | | ||
| | Delete account | ✅ | Strongest available | 10m | | ||
| | Create/Remove profile image | ❌ | | | | ||
| | Update password | ✅ | Strongest available | 10m | | ||
| | Remove password | ❌ | | | | ||
| | Revoke session | ✅ | Strongest available | 10m | | ||
| | Create identification | ✅ | Strongest available | 10m | | ||
| | Remove identification | ✅ | Strongest available | 10m | | ||
| | Change primary identification | ✅ | Strongest available | 10m | | ||
| | Update Passkey name | ❌ | | | | ||
| | Enable MFA (TOTP, Phone number) | ✅ | Strongest available | 10m | | ||
| | Disable MFA (TOΤP, Phone number) | ✅ | Strongest available | 10m | | ||
| | Create/Regenerate Backup Codes | ✅ | Strongest available | 10m | | ||
| | Connect External Account | ✅ | Strongest available | 10m | | ||
| | Re-authorize External Account | ❌ | | | | ||
| | Remove External Account | ✅ | Strongest available | 10m | | ||
| | Leave organization | ❌ | | | |
There was a problem hiding this comment.
Is this table also going into our docs?
There was a problem hiding this comment.
Eventually, yes we currently have it in our DX gudie
octoper
left a comment
octoper
left a comment
There was a problem hiding this comment.
Except from the comments Stefanos shared above this looks good 🔥
…ation-for-sensitive-actions-in
…ensitive-actions-in
panteliselef
deleted the
elef/user-665-display-userverification-for-sensitive-actions-in
branch
7 participants
Description
When user re-verification is required FAPI will return a specific error. The goal of this PR is to recognise that error and display the UserVerification modal. After the verification is successful we retry the original request, but if the verification is cancelled the original request will not be retried.
How are people not affected by this
This is a pretty core change in the UserProfile component, we need to make sure that only application that have opted-in to the experimental flows will see the new behavior of UserProfile. This is ensured by many existing tests including this one that would hang indefinitely based on the new behavior.
Cancelled verification
Screen.Recording.2024-09-16.at.6.01.43.PM.mov
Successful verification
Screen.Recording.2024-09-16.at.6.06.35.PM.mov
Checklist
npm testruns as expected.npm run buildruns as expected.Type of change