upcoming: [M3-7716] - Add session expiry confirmation dialog for proxy users

[jaalah-akamai]

Description 📝

When a proxy user wants to switch back to their parent account, the parent account's authentication token must still be valid in order for them to switch back to the parent's account or log into any other proxy accounts displayed in the drawer.

If the parent token is not valid, a proxy user should be given adequate notice that they must re-log in to the parent account. We also will disabled the "Switch Account" buttons if this is the case.

Changes 🔄

• Updated the useDialogContext.ts hook API. The original API was kind of rigid, whereas now we can have dynamic state that we can extend if we need to. The original API and references to open and closed still work, but I will clean that up after this PR.

useDialogContext({
    continueSession: false,
    isOpen: false,
});

• Added SwitchAccountSessionDialog.tsx for when parent session expires
• Added useParentTokenManagement.tsx for checking expiration and showing dialog. We still may need to poll the expiry or at least check every time the user menu opens or a user lands on the account page.
• Improved isRestrictedGlobalGrantType to take into consideration account_access which can be null | 'read_only' | 'read_write'

Preview 📷

Screenshots

How to test 🧪

Should NOT show session expired dialog

Prerequisites

• Turn on MSW and Parent/Child feature flag
• By default you should be a parent user, if not, update: serverHandlers

Reproduction steps

• Open user menu
• Click Switch Account button
• Select a child company

Verification steps

• Observe parent/proxy tokens are created in local storage
• Set user_type to proxy in serverHandlers
• Observe no dialog appears since we have an active parent token

Should show session expired dialog

Prerequisites

• Clear application cookies
• Turn on MSW and Parent/Child feature flag
• Set user_type to proxy in serverHandlers

Reproduction steps

• Since there is no parent token defined, it's invalid and you should see the dialog

Verification steps

• Close the dialog and observe that it should not appear again
• Observe that both "Switch Account" buttons in user menu and account page are disabled

As an Author I have considered 🤔

Check all that apply

• 👀 Doing a self review
• ❔ Our contribution guidelines
• 🤏 Splitting feature into small PRs
• ➕ Adding a changeset
• 🧪 Providing/Improving test coverage
• 🔐 Removing all sensitive information from the code and PR description
• 🚩 Using a feature flag to protect the release
• 👣 Providing comprehensive reproduction steps
• 📑 Providing or updating our documentation
• 🕛 Scheduling a pair reviewing session
• 📱 Providing mobile support
• ♿ Providing accessibility support

[jaalah-akamai]

Only change here was adding the Provider wrapper (rest is context shift)

[jaalah-akamai]

Added TODO since open and close are no longer necessary, but I didn't want to break existing API.

[jaalah-akamai]

We'll be able to remove these 3 as well in upcoming PR

[jaalah-akamai]

Open to input/thoughts here

[github-actions]

Coverage Report: ✅
Base Coverage: 81.13%
Current Coverage: 81.14%

[hana-linode]

If a user is able to continue working on an account with an expired parent token, I think it would make more sense to only display this dialog when they try to switch accounts?

[jaalah-akamai]

If a user is able to continue working on an account with an expired parent token, I think it would make more sense to only display this dialog when they try to switch accounts?

The goal was to prevent users from attempting to switch accounts once the token expired - so the Switch Account button would be disabled at expiry. I'll spend some more time thinking about the UX, but that was the intention.

[hana-linode]

@jaalah What if we don't disable the Switch Account button at expiry but just have it open the session expiry confirmation dialog instead? That way the dialog doesn't display when the user isn't trying to switch accounts but still prevents users from switching accounts

[jaalah-akamai]

@hana-linode 🙌

reviewupdates.mp4

[jaalah-akamai]

I'm keeping things in context because we're going to implement a way to refresh parent tokens as expiry nears an end, so I'll swap the dialog and save me some work.

[hana-linode]

Liking this flow a lot better. I was thinking we can keep the Switch Account buttons enabled even after the user hits close. And just keep having the button open the session expiry confirmation dialog until they re-login to the parent account

Screen.Recording.2024-02-09.at.11.02.09.AM.mov

[mjac0bs]

Liking this flow a lot better. I was thinking we can keep the Switch Account buttons enabled even after the user hits close

Hmm, I agree with this too. We're currently doing a bit of both flows when we only disable after the first click of the button/appearance of the dialog, which feels like an odd UX. It'd be more consistent to either (1) always allow the user to click the enabled button and see the modal or (2) always disable the buttons, which was the original behavior but I think Hana's suggestion is better -- less intrusive for the user.

A minor note: if the parent token is expired and if the parent profile request is not cached, then we might end up with the parent username no longer displaying in the user menu above the company name.

[jaalah-akamai]

@hana-linode @mjac0bs ✅ thanks for feedback!

[mjac0bs]

Thanks for addressing the changes - the expiry dialog looks good and is displayed for a proxy user clicking either Switch Account button who doesn't have a valid parent token in local storage.

Left a few comments about minor clean up - mostly related to naming, a couple related to the tooltip we were displaying when disabling the button.