use auto name for sso sign up

[smallst]

fix ENG-1438

i think gmail make sure the email name is unique, so adding +gplus should work fine. if we meet some case that name conflict, we can resolve it later

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • The account creation process has been streamlined by removing the manual username entry.
  • An automatically generated username is now created using your email and sign-on method, simplifying the sign-up experience while maintaining essential functionality.

• Style

  • Added a new class to enhance the layout of the modal.

[coderabbitai]

Walkthrough

The changes remove the visible username input and its associated validation from the single sign-on confirmation modal, replacing it with a hidden input that captures the autoName from the signup state. In parallel, the SSO connection handler now computes an autoName by concatenating the email prefix with the SSO method used and sets it in the signup state. Additionally, a new CSS class is introduced to adjust the modal's layout. The overall modal structure and navigation buttons remain unchanged.

Changes

File Path	Change Summary
app/templates/core/create-account-modal/...pug	Removed the visible username input and validation; added a hidden input field to capture autoName.
app/views/core/CreateAccountModal/BasicInfoView.js	Added logic in handleSSOConnect to compute autoName from the email prefix and SSO method, setting it in the signup state.
app/styles/modal/create-account-modal/...sass	Introduced a new nested class .m-y-3 within .modal-body with a width of 40px.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant BasicInfoView
    participant ModalView
    User->>BasicInfoView: Initiates SSO Connect
    BasicInfoView->>BasicInfoView: Compute autoName from email prefix + SSO method
    BasicInfoView->>ModalView: Update signupState with autoName
    ModalView->>User: Render modal with hidden autoName input

Loading

Poem

I'm a rabbit hopping along with glee,
Watching code change as smooth as can be.
The username input has hopped away,
Now autoName shines in a hidden display.
Carrots and code in joyful array! 🥕
Hop, skip, and code on my dear dev day!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b14be0 and 3b3cd2e.

📒 Files selected for processing (2)

• app/styles/modal/create-account-modal/sso-confirm-view.sass (1 hunks)
• app/templates/core/create-account-modal/single-sign-on-confirm-view.pug (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• app/styles/modal/create-account-modal/sso-confirm-view.sass

🚧 Files skipped from review as they are similar to previous changes (1)

• app/templates/core/create-account-modal/single-sign-on-confirm-view.pug

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: ESLint CI
• GitHub Check: Node.js CI (18.10.0)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

app/views/core/CreateAccountModal/BasicInfoView.js (1)

585-599: Consider handling name conflicts proactively.

The current implementation sets the auto-generated name but doesn't check for conflicts until form submission. Consider checking for conflicts immediately and appending a number if needed.

 this.signupState.set({ ssoAttrs, ssoResp: resp })
 const { email } = ssoAttrs
 return User.checkEmailExists(email).then(({ exists }) => {
   this.signupState.set({
     ssoUsed,
     email: ssoAttrs.email
   })
   const autoName = `${ssoAttrs.email.split('@')[0]}+${ssoUsed}`
-  this.signupState.set('autoName', autoName)
+  return User.checkNameConflicts(autoName)
+    .then(({ conflicts }) => {
+      if (conflicts) {
+        const timestamp = Date.now().toString().slice(-4)
+        autoName = `${autoName}${timestamp}`
+      }
+      this.signupState.set('autoName', autoName)
+    })
   if (exists) {

🧰 Tools

🪛 ESLint

[error] 590-591: Missing trailing comma.

(comma-dangle)

app/templates/core/create-account-modal/single-sign-on-confirm-view.pug (1)

21-21: Improve user experience around automatic username assignment.

Users should be informed about their auto-generated username and have the ability to modify it if desired.

Consider:

1. Adding a visible (read-only) field to display the generated username
2. Including help text explaining the username format
3. Providing a "Change username" option that reveals an input field
4. Adding validation feedback messages

Example enhancement:

+      .form-group
+        label.control-label(for="auto-username")
+          span(data-i18n="signup.generated_username")
+        input.form-control(type="text" id="auto-username" readonly value=view.signupState.get('autoName'))
+        small.form-text.text-muted
+          span(data-i18n="signup.username_format_help")
+        a.small.edit-username(href="#")
+          span(data-i18n="common.change")
       input.hidden(name="name" value=view.signupState.get('autoName'))

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7f7809 and 4b14be0.

📒 Files selected for processing (2)

• app/templates/core/create-account-modal/single-sign-on-confirm-view.pug (1 hunks)
• app/views/core/CreateAccountModal/BasicInfoView.js (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: ESLint CI
• GitHub Check: Node.js CI (18.10.0)

[coderabbitai]

🛠️ Refactor suggestion

Basic auto-name generation implementation looks good.

The implementation follows the PR objective by automatically generating a username from the email prefix and SSO method.

However, the current implementation needs additional validation and sanitization. Consider these improvements:

-const autoName = `${ssoAttrs.email.split('@')[0]}+${ssoUsed}`
+const emailPrefix = ssoAttrs.email.split('@')[0]
+  .replace(/[^a-zA-Z0-9]/g, '') // Remove special characters
+  .substring(0, 15) // Limit length
+const autoName = `${emailPrefix}+${ssoUsed}`
+if (autoName.length > 20) { // Assuming 20 is max username length
+  autoName = autoName.substring(0, 20)
+}

This will:

• Remove special characters from email prefix
• Enforce length limits
• Handle edge cases better

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

❓ Verification inconclusive

Verify username generation edge cases and add validation.

While automating username generation improves the signup flow, there are several edge cases to consider:

1. Email usernames can contain special characters, dots (especially in Gmail), or be very long
2. Multiple users from same domain could have similar prefixes
3. International email addresses might have non-ASCII characters

Please verify the username generation logic in BasicInfoView.js:

Consider adding:

1. Input sanitization for special characters
2. Length limits for generated usernames
3. Fallback logic for duplicate names (e.g., append numbers)
4. Validation for non-ASCII characters

Consider implementing a service to:

1. Check username uniqueness
2. Generate alternative names if needed
3. Apply consistent validation rules

---

🏁 Script executed:

#!/bin/bash
# Search for username validation and generation logic
ast-grep --pattern 'handleSSOConnect($$$) {
  $$$
  autoName = $$$
  $$$
}'

Length of output: 77

---

The output of the previous verification step was inconclusive, so the above script aims to locate any relevant logic for generating autoName by examining usage of the email splitting pattern. If this search also returns no results, please manually verify that the autoName logic (likely residing in a file such as BasicInfoView.js or the equivalent SSO signup handler) properly sanitizes input, enforces length limits, and handles duplicate or international email edge cases.

---

Action: Verify Username Generation and Validation

The hidden input field for auto-generated usernames in app/templates/core/create-account-modal/single-sign-on-confirm-view.pug appears to be correct. However, please ensure that the underlying logic:

• Sanitizes special characters: Validate that email username parts (e.g., from Gmail addresses with dots or special characters) are properly escaped.
• Enforces reasonable length: Ensure that overly long or non-ASCII usernames are trimmed or validated.
• Handles duplicates: Implement fallback logic (such as appending numbers) if multiple users have similar name prefixes.
• Provides error handling: Confirm that there is a suitable fallback if autoName generation fails.

Once these points are verified in the corresponding code (e.g., in BasicInfoView.js or the SSO connect handler), the implementation should address potential security and UX concerns.

---

🏁 Script executed:

```shell
[run_scripts]
#!/bin/bash
# Search for email splitting logic that might be used in username generation
rg "\.split\('@\')" -n .

Length of output: 246

---

The previous commands for locating the username generation logic did not yield conclusive results. At this point, please manually verify the implementation (in the related SSO signup handler, likely in BasicInfoView.js or a similar module) that generates autoName by extracting the email prefix. In particular, confirm that the code:

• Sanitizes special characters: Ensures that characters from email usernames (e.g., dots, symbols) are properly handled.
• Enforces length limits: Prevents overly long or malformed usernames.
• Implements duplicate handling: Provides fallback logic such as appending numbers for duplicate or colliding names.
• Validates non-ASCII characters: Handles international email addresses appropriately.

Once these points are confirmed, the hidden input change in app/templates/core/create-account-modal/single-sign-on-confirm-view.pug appears acceptable.

Automated Username Generation: Verify Input Sanitization and Duplicate Handling

• Verify that the autoName generation logic properly sanitizes input and enforces length limits.
• Ensure fallback logic (e.g., appending numbers) is implemented to handle potential duplicates.
• Confirm the implementation supports international/non-ASCII email addresses.

---

🏁 Script executed:

```shell
[run_scripts]
#!/bin/bash
# Search for autoName assignment with email splitting logic
rg 'autoName\s*=.*split' -n .

Length of output: 288

---

Action: Verify and Enhance Username Generation Logic

The hidden input in
app/templates/core/create-account-modal/single-sign-on-confirm-view.pug
retrieves the username using view.signupState.get('autoName'), which is set in the SSO signup flow. Notably, in
app/views/core/CreateAccountModal/BasicInfoView.js (line 592), the username is generated as follows:

const autoName = `${ssoAttrs.email.split('@')[0]}+${ssoUsed}`;

Please manually verify that the underlying logic addresses the following concerns:

• Sanitization: Ensure that special characters (e.g., dots or symbols from email prefixes) are either sanitized or properly escaped.
• Length Constraints: Confirm that the generated username adheres to acceptable length limits and that non-ASCII characters are correctly handled.
• Duplicate Handling: Check for a mechanism to handle potential duplicates (for example, appending numbers or similar fallback logic) when multiple users share similar email prefixes.

Once these aspects are verified and, if necessary, enhanced, the changes in the Pug template can be considered acceptable.