Adjust login to conform to UX specification #804
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The store now returns an unambiguous error to indicate that two-factor
authentication is required, so we can use that to make the login process
behave how the UX specification says it should: only prompt for 2fa if
necessary, and provide a hint on a successful login without 2fa.
One obvious hack in this change is that we don't yet provide a
convenient per-store link for enabling 2fa, but instead just hardcode a
link to the SSO FAQ for now. At the moment, people have to explicitly
opt into 2fa by joining a Launchpad team, which is a deliberate decision
because we don't have a good recovery facility and can't afford the
support bandwidth of doing manual recovery for millions of users. When
this changes then we can also update snapcraft to do something more
graceful here, but for the moment I think this is tolerable.
LP: #1621710