Implement a dialog for setting new device PIN#135
Draft
msirringhaus wants to merge 2 commits intolinux-credentials:mainfrom
Draft
Implement a dialog for setting new device PIN#135msirringhaus wants to merge 2 commits intolinux-credentials:mainfrom
msirringhaus wants to merge 2 commits intolinux-credentials:mainfrom
Conversation
…onform to the PIN policy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Only NFC and USB for now. Hybrid makes no sense, and I don't have anything to test BLE right now. USB and NFC both work.
Flow of how this works:
Upon "PinNotSet"-error during registration, there will be a page telling the user that the RP requires additional protection on the device, e.g. a PIN, which will affect the whole device. There are two buttons: "Close", "Set PIN on device". Close closes the window. "Set PIN on device" brings the user to another page that offers 2 password-entry fields. "Continue" will be disabled until both fields are non-empty and identical. On pressing "Continue", the PIN is set for the device.
Some known issues with this implementation:
On error (e.g. PinTooShort) the window just swaps to the general error page and the user needs to close and start again.[solved. User is now dropped to the page with the "Set PIN on device"-button, with error text about PIN policy violation]On success, the window simply closes. The PIN is now set and the request needs to be issued again. But this is not really communicated in a good way.This is actually a general bug. The window is supposed to stay open for a bit in general to show "Done", but in practice gets closed right away because some cancel-request overrides it.credentialsdwhat kind of UV the device supports?credentialsdhandles the event, but also couldn't come up with a better approach. It basically starts a fresh "Select the device you want, then continue with request 'Setting new PIN' on that device"-cycle, which may result in weird UX, if multiple devices are plugged in. But I also don't really know how to go directly for the previously selected device.Thus, I marked this PR a draft for now. Maybe @iinuwa has some suggestions for some of these problems?