fix: add new message when refresh parameter is true

[nanikjava]

PR for fixing #1117

• I have read the contributing guidelines.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

[aeneasr]

Thank you! This looks really good already! There are a few more things we need to do to get it merged.

---

The CI is failing because some files are formatted incorrectly. To format them, run:

$ make format
$ git commit -a -m "styles: format code"
$ git push

---

Please also add a test around here

kratos/selfservice/strategy/password/login_test.go

Line 465 in 1c84205

assert.Empty(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==password).attributes.value").String(), "%s", body)

verifying that the message is set in the payload :)

Thank you!

[aeneasr]

Revert order

[aeneasr]

Since this is in the login UI, please put it in message_login and give it a descriptive name

[nanikjava]

Thank you! This looks really good already! There are a few more things we need to do to get it merged.

The CI is failing because some files are formatted incorrectly. To format them, run:

$ make format
$ git commit -a -m "styles: format code"
$ git push

Please also add a test around here

kratos/selfservice/strategy/password/login_test.go

Line 465 in 1c84205

assert.Empty(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==password).attributes.value").String(), "%s", body)

verifying that the message is set in the payload :)

Thank you!

@aeneasr

Thanks for the comment. Will fix it up and add the test.

Frankly, I'm still confused of the use case of this fix, as just started to get myself down and dirty with the code :)

The fix will include message Please confirm this action by verifying that it's you. when the ?refresh=true flag is set. Does this mean that regardless of what the state of the login is as long as the URL include the ?refresh=true flag that message will be passed back ?

I've updated the PR. Thanks

[codecov]

Codecov Report

Merging #1560 (e9eb4d1) into master (60d848d) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1560      +/-   ##
==========================================
+ Coverage   74.17%   74.19%   +0.01%     
==========================================
  Files         257      257              
  Lines       12557    12565       +8     
==========================================
+ Hits         9314     9322       +8     
  Misses       2624     2624              
  Partials      619      619              

Impacted Files	Coverage Δ
selfservice/flow/login/handler.go	67.96% <100.00%> (+0.50%)	⬆️
text/message_login.go	71.69% <100.00%> (+3.61%)	⬆️
x/nosurf.go	92.59% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 64c90bf...e9eb4d1. Read the comment docs.

[nanikjava]

@aeneasr any feedback on the PR ? Thanks.

[aeneasr]

@nanikjava sorry for the long response time, I didn't have time to review things because it was a really busy week.

The fix will include message Please confirm this action by verifying that it's you. when the ?refresh=true flag is set. Does this mean that regardless of what the state of the login is as long as the URL include the ?refresh=true flag that message will be passed back ?

Yes, exactly, that would be the case. I think it's an o.k. workaround for now.

There is still an open item, could you please address my comment:

#1560 (comment)

Thank you for your hard work! :)

[nanikjava]

@nanikjava sorry for the long response time, I didn't have time to review things because it was a really busy week.

The fix will include message Please confirm this action by verifying that it's you. when the ?refresh=true flag is set. Does this mean that regardless of what the state of the login is as long as the URL include the ?refresh=true flag that message will be passed back ?

Yes, exactly, that would be the case. I think it's an o.k. workaround for now.

Ok cool. Thanks for confirming about the behaviour.

There is still an open item, could you please address my comment:

#1560 (comment)

Thank you for your hard work! :)

Fixed.

[nanikjava]

@aeneasr Checked the E2E test and looks like it has 1 test case failing using cockroachdb not sure what is the problem.

Tried running locally by executing the run.sh inside test/e2e/run.sh but not able to run completely as it keeps on timing out after the following

waiting for 6 resources: http-get://127.0.0.1:4434/health/ready, http-get://127.0.0.1:4455/health, http-get://127.0.0.1:4446/, http-get://127.0.0.1:4456/health, http-get://127.0.0.1:4457/, http-get://127.0.0.1:4437/mail
waiting for 5 resources: http-get://127.0.0.1:4434/health/ready, http-get://127.0.0.1:4455/health, http-get://127.0.0.1:4456/health, http-get://127.0.0.1:4457/, http-get://127.0.0.1:4437/mail
waiting for 4 resources: http-get://127.0.0.1:4434/health/ready, http-get://127.0.0.1:4455/health, http-get://127.0.0.1:4456/health, http-get://127.0.0.1:4457/
waiting for 3 resources: http-get://127.0.0.1:4434/health/ready, http-get://127.0.0.1:4455/health, http-get://127.0.0.1:4457/
waiting for 2 resources: http-get://127.0.0.1:4434/health/ready, http-get://127.0.0.1:4457/
waiting for 1 resources: http-get://127.0.0.1:4457/

[aeneasr]

Please move this to message_login - this file should stay unmodified. message_verification refers to the self-service verification (e.g. email verification flow). Thank you :)

[nanikjava]

@aeneasr Thanks for the feedback. Changes has been moved to message_login. Hope I did it right this time :)

[aeneasr]

Thank you! I added some changes but overall this looks very good! Ready to be merged :)