Merge main into branch vc-mvp-2 (#1931)
* Add fake indexeddb to support testing pin input (#1873)

This is a PR in preparation for adding the PIN auth feature, which
will require support for indexeddb in tests.

* Add support for dynamic error keys to pin input component (#1872)

* Add support for dynamic error keys to pin input component

Support for dynamic keys is required to make the pin input compatible
with the error texts provided by `LoginFlowError`.

* Import type

* Always autosubmit when PIN input is filled (#1876)

* Always autosubmit when PIN input is filled

On error, there is no way currently to change the input and resubmit
because there is no submit button and the autosubmit only submits once.

After quick check-back with Artem it was decided that the autosubmit should
submit whenever the input is filled.

* Fix test

* Provide verify function externally to usePin flow (#1874)

* Provide verify function externally to usePin flow

This PR expands the usePin function to take a PIN verification
function as an argument. This will later be used to immediately check
whether the identity can be decrypted using the provided PIN.

* Fix lint error

* Implement review feedback

* Add Support for PIN Identity to AuthBox (#1877)

This PR adds support for pin identities to the authentication box.
The feature won't become active yet, as users cannot register pin
identities.

The flow/functionality however can be tested using the showcase flow.

Basically all of the code is taken from the `nm-set-pin` branch by @nmattia.

* Refactor register to allow setting key type (#1878)

This PR is in preparation for pin auth registration.
For this feature, we need to have more control over the
key type submitted to II.

* Allow pin registration for Apple devices (#1879)

This PR enables registration of PIN protected browser keys when
signing up for II. The feature is enabled on Apple devices only,
because it is meant as a workaround for the forced Apple iCloud
integration.

When adding a device later, the PIN protected browser key is not
allowed, even on Apple devices.

The feature is still very basic. In particular, still missing are:
- the temporary key info screen
- updates to the management page to correctly list temporary keys
  separate from passkeys
- warnings on the management screen

Almost all of the code is taken from the `nm-set-pin` branch by @nmattia.

* Show pin protected keys in a separate list on the management page (#1880)

This allows users to distinguish between the temporary keys and
passkeys when visiting the management page.

* Introduce information page for temporary keys (#1881)

This PR introduces the information page for temporary keys
to the showcase. It is not yet part of the pin registration flow.

* Enable pin info page (#1882)

This PR adds the pin info page to the pin registration flow.

* Extract temporary key template and copy (#1883)

Additional warnings, etc. need to be added.
Extracting copy and separating everything related to temp keys into its
own file makes it easier to modify later.

* Add warning to PIN info screen (#1885)

This adds the warning as shown in the figmas to the PIN info screen.

* Add TempKey Security Warning to Management Screen (#1884)

* Add TempKey Security Warning to Management Screen

This PR adds a security warning to the management page if you have
signed in using a PIN protected browser key, if there is no recovery
phrase and/or passkey.

* Remove unnecessary tooltip classes

* Fix misleading id

* Extract button duplication

* Improve variable naming

* Implement review feedback

* Make stepper on registration finish step dependent on the auth flow (#1887)

This PR extracts the stepper on the finish page and adjusts it to
show the appropriate steps depending on whether a passkey or a pin
protected storage key was registered.

* Change PIN registration stepper to 3 steps (#1886)

It also renames the first step from "set" to "set_pin"
because `set` is a reserved keyword in js.

* Move temp keys section above passkeys section in manage view (#1889)

According to the figmas, the temp keys need to be shown first.

* Highlight recovery box on no recoveries (#1888)

* Highlight recovery box on no recoveries

If there are no recovery methods, the recovery section is now highlighted
with a warning.

* Implement review feedback

* Highlight passkey warning only on 0 passkeys (#1890)

* Highlight passkey warning only on 0 passkeys

This changes the warning highlight around passkeys to only
appear if the number of passkeys is zero. Also, there is now a
text shown for passkeys in the non-warning state.

Together with #1888 this shifts the warning box highlight on an
identity with just a single passkey from the passkey box to the
recovery box.

* Implement review feedback

* Don't push classes

* Update commit of IC artefacts (#1891)

Co-authored-by: gix-bot <[email protected]>

* Update selenium docker container (#1892)

This PR updates the docker selenium container. In addition, it changes
the resolution within the container so that the whole browser can be seen
when connecting via noVNC.

* Fix dapps update job not creating a PR (#1893)

Fix dapps update job not creating a PR

The update action skipped on a variable that was never set, thus never
actually updating the dapps file.

* Fix formatting of updated dapps.json file (#1895)

The dapps.json update could trigger the formatter on badly formatted
json. This PR fixes the job to create the PR with acceptable formatting
in the first place.

* Install dependencies in dapps update (#1897)

The formatter needs to be installed first before it can be run
in the dapps update workflow. Fixes oversight in #1895.

* Convert JPG to webp on dapp update (#1899)

This automatically converts all the JPG icons to webp when
updating dapps.

* Fix issue with SVG conversion in dapp update (#1900)

SVGs with a smaller size than 256*256 were resized in a way
that just put the original image in the top-left corner.
This PR fixes this and resizes the icons to appropriately fill
the space.

* Remove openssl install step in canister tests CI job (#1896)

Remove openssl install step in canister tests CI step

* Update dapps list (#1894)

Update dapps

Co-authored-by: gix-bot <[email protected]>

* Add basic e2e test for PIN protected key registration (#1901)

This adds the first basic e2e tests for the PIN registration feature.

* Add PIN login e2e test (#1904)

* Add PIN login e2e test

This PR expands the previous test to also
include a login scenario. In addition, the asserts are
improved to now check that the temp key / passkey is listed
in the correct section.

* Add separate recovery section

* Remove recovery phrase warning banner (#1905)

The recovery phrase warning banner is no longer justified as the
domain migration has been put on hold. In addition, a bug (the banner
being added twice) has been reported.

The simplest solution to address this is to simply remove the banner.
There are other nag screens / warnings still in place.

* Update node version (#1903)

Co-authored-by: gix-bot <[email protected]>

* HTML Semantic & CSS Changes for pin workflow (#1906)

* clean up pinInput component CSS

* change the semantics of pinInfo

* add more space on top of button

* make the mainwindow narrow instead of restricting its content using max-width

* re-add missing error color on pin

* add a bunch of spaces before buttons

* adds icon to temporary keys

* authenticatorItem now takes an optional icon

* Fix being prompted for PIN input after temporary key is removed (#1907)

When deleting the temporary key from the identity, the key remains
in browser storage. This leads to the awkward situation of the browser
still prompting for the PIN even if subsequent authentication will fail.

This PR introduces a check that the browser will only use the PIN protected
key if the public key is still present on the identity.

* Improve confirm pin flow on pin mismatch (#1908)

Previously, if the pin on the confirmation page did not
match the previous input the only option was to cancel and
start over. This is a very bad user experience.

The behaviour is replaced with a mechanism that replaces the
cancel button with a retry button that sends the user to the
previous page.

* Add more e2e tests for non-passkey auth (#1909)

* Add more e2e test for non-passkey auth

This PR adds more e2e tests for the PIN auth feature:
* Login attempt with wrong PIN first
* PIN registration during auth flow
* auth into client application after PIN registration

* Implement review feedback

* Extract wrongPin variable

* Add header slot to warn box (#1912)

Extends the `warnBox` helper with a slot to add some template
next to the exclamation mark icon.

The PR will make the helper usable in more contexts related to
the non-passkey auth feature.

* Use warnbox helper for temp key warning (#1913)

This PR replaces the custom markup of the temp key warning with
the `warnBox` helper.

* Make action on temp key warning optional (#1915)

This allows using the temp key warning in contexts that
do not offer a button / action to take.

* Add temp key warning to registration success screen (#1916)

* Add temp key warning to registration success screen

This adds the temp key warning also to the registration success page.

* Rename slot to marketingIntroSlot

* Bump chromedriver (#1914)

The chrome version on the GitHub runners has changed. We need to update
the chromedriver accordingly.

* Add explanation paragraph to recovery method card (#1917)

This PR changes the recovery method card to be consistent with
the passkeys and temp keys cards:
* always show card border
* have a small explanatory text below the title

* Update rust version (#1919)

Co-authored-by: gix-bot <[email protected]>

* Revert "Update rust version" (#1920)

Revert "Update rust version (#1919)"

This reverts commit 7c57602.

* Update commit of IC artefacts (#1924)

Co-authored-by: gix-bot <[email protected]>

* Extract e2e test flow for recovery nag skipping (#1926)

This PR extracts a flow for recovery nag skipping in the e2e tests,
thus simplifying the code.

* Introduce release check for verify script (#1925)

This makes CI check the `verify-hash` script so that we get notified
if we break it.
It is not added to the canister tests workflow because it would increase
runtime.

* Extract e2e test flow for recovery with seed phrase (#1927)

This extracts the common recovery with seed phrase flow for the e2e tests.
This refactoring is done in preparation for changes to that flow
(so it requires change in only one place).

* Improve confusing comments (#1928)

* Improve confusing comments

This PR improves confusing comments surfaced in #1926.

* Improve comment

---------

Co-authored-by: gix-bot <[email protected]>
Co-authored-by: gix-bot <[email protected]>
Co-authored-by: David Aerne <[email protected]>
4 people authored Sep 25, 2023
1 parent c3f2f23 commit cc8b1d9
Showing 69 changed files with 2,003 additions and 515 deletions.
6 changes: 0 additions & 6 deletions .github/workflows/canister-tests.yml
Expand Up @@ -337,12 +337,6 @@ jobs:
steps:
- uses: actions/checkout@v3

# Required by the ic-test-state-machine
- name: Install openssl (macos)
if: ${{ matrix.os == 'macos-latest' }}
run: |
brew install openssl@3
- name: Download nextest
run: |
set -euo pipefail
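Review bot: The removed `Install openssl (macos)` step carried the comment "Required by the ic-test-state-machine", and nothing in this hunk records why that requirement no longer holds. Please state in the commit message (or a short comment in the workflow) what changed, for example that the state machine binary pulled via `.ic-commit` no longer needs it, so a later macOS failure can be traced back to this removal.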
55 changes: 48 additions & 7 deletions .github/workflows/release-build-check.yml
Expand Up @@ -17,8 +17,8 @@ jobs:
latest-release:
outputs:
ref: ${{ steps.release.outputs.ref }}
prod_sha256: ${{ steps.release.outputs.prod_sha256 }}
dev_sha256: ${{ steps.release.outputs.dev_sha256 }}
ii_prod_sha256: ${{ steps.release.outputs.ii_prod_sha256 }}
archive_sha256: ${{ steps.release.outputs.archive_sha256 }}
runs-on: ubuntu-latest
steps:
- name: Get latest release information
Expand All @@ -32,14 +32,18 @@ jobs:
exit 1
fi
curl --silent -SL "https://github.com/dfinity/internet-identity/releases/download/$latest_release_ref/internet_identity_production.wasm.gz" -o internet_identity_production.wasm.gz
latest_prod_release_sha256=$(shasum -a 256 ./internet_identity_production.wasm.gz | cut -d ' ' -f1)
curl --silent -SL "https://github.com/dfinity/internet-identity/releases/download/$latest_release_ref/archive.wasm.gz" -o archive.wasm.gz
latest_release_ii_prod_sha256=$(shasum -a 256 ./internet_identity_production.wasm.gz | cut -d ' ' -f1)
latest_release_archive_sha256=$(shasum -a 256 ./archive.wasm.gz | cut -d ' ' -f1)
echo latest release is "$latest_release_ref"
echo latest prod release sha256 is "$latest_prod_release_sha256"
echo latest prod release sha256 is "$latest_release_ii_prod_sha256"
echo latest archive release sha256 is "$latest_release_archive_sha256"
echo "ref=$latest_release_ref" >> "$GITHUB_OUTPUT"
echo "prod_sha256=$latest_prod_release_sha256" >> "$GITHUB_OUTPUT"
echo "ii_prod_sha256=$latest_release_ii_prod_sha256" >> "$GITHUB_OUTPUT"
echo "archive_sha256=$latest_release_archive_sha256" >> "$GITHUB_OUTPUT"
id: release

# Then perform the build, using the release as checkout
# Perform the clean build (non-docker), using the release as checkout
clean-build:
runs-on: ${{ matrix.os }}
needs: latest-release
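Review bot: The new `archive.wasm.gz` download uses `curl --silent -SL` without `--fail`, same as the existing production wasm download next to it. On an HTTP error such as a missing release asset, curl still exits 0 and writes the error response body to the output file, so `shasum` hashes that body and the job only fails later with a misleading hash mismatch. Adding `--fail` to both curl calls makes the `latest-release` job stop at the download, where the cause is obvious.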
Expand All @@ -54,7 +58,7 @@ jobs:
- uses: ./.github/actions/check-build
with:
# we check that ubuntu builds match the latest release build
sha256: ${{ startsWith(matrix.os, 'ubuntu') && needs.latest-release.outputs.prod_sha256 || '' }}
sha256: ${{ startsWith(matrix.os, 'ubuntu') && needs.latest-release.outputs.ii_prod_sha256 || '' }}

# Since the release build check is a scheduled job, a failure won't be shown on any
# PR status. To notify the team, we send a message to our Slack channel on failure.
Expand All @@ -64,3 +68,40 @@ jobs:
with:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: "Release build check failed"

# Verify the hash using the verify-hash script, using the release as checkout.
# This runs the build using docker and should work on all platforms.
verify-build-dockerized:
runs-on: ${{ matrix.os }}
needs: latest-release
strategy:
matrix:
os: [ ubuntu-22.04, ubuntu-20.04, macos-11, macos-12 ]
steps:
- uses: actions/checkout@v3
with:
ref: "refs/tags/${{ needs.latest-release.outputs.ref }}"

- name: Setup docker (missing on MacOS)
if: runner.os == 'macos'
run: |
brew install docker
brew install docker-buildx
# The following 2 commands are taken from the post install instructions printed by `brew install docker-buildx`
mkdir -p ~/.docker/cli-plugins
ln -sfn /usr/local/opt/docker-buildx/bin/docker-buildx ~/.docker/cli-plugins/docker-buildx
colima start
- name: "Verify Hash"
id: dfx-metadata
run: |
./scripts/verify-hash --ii-hash ${{ needs.latest-release.outputs.ii_prod_sha256 }} --archive-hash ${{ needs.latest-release.outputs.archive_sha256 }}
# Since the release build check is a scheduled job, a failure won't be shown on any
# PR status. To notify the team, we send a message to our Slack channel on failure.
- name: Notify Slack on failure
uses: ./.github/actions/slack
if: ${{ failure() }}
with:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: "Verify hash check failed"
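Review bot: In the `Verify Hash` step of `verify-build-dockerized`, the two `${{ needs.latest-release.outputs.* }}` expressions are expanded into the `run:` script text before the shell parses it. The values come from `shasum` output here, but passing them through `env:` (for example `II_HASH` and `ARCHIVE_HASH`) and calling `./scripts/verify-hash --ii-hash "$II_HASH" --archive-hash "$ARCHIVE_HASH"` keeps job outputs out of the script body and is the safer pattern to copy elsewhere. Two smaller points: `id: dfx-metadata` is not referenced by any visible step and reads like a copy-paste leftover, and `colima start` depends on colima already being present on the macOS runner image since the visible brew commands only install `docker` and `docker-buildx`.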
7 changes: 6 additions & 1 deletion .github/workflows/update-dapps.yml
Expand Up @@ -12,15 +12,20 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-node
- run: npm ci

# Run the update
- name: Check new dapps file
id: update
run: ./scripts/update-dapps

# Run the formatter so that the dapps.json file is formatted
- run: npm run format

# If the dapps changed, create a PR.
# This action creates a PR only if there are changes.
- name: Create Pull Request
if: ${{ steps.update.outputs.updated == '1' }}
uses: peter-evans/create-pull-request@v4
with:
token: ${{ secrets.GIX_BOT_PAT }}
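Review bot: With the `if:` guard on `Create Pull Request` dropped and `npm run format` now run before it, any file the formatter touches becomes a change in the working tree, so the action can open a PR with the bot token even when `./scripts/update-dapps` changed nothing, and the PR can contain formatting edits unrelated to dapps. Consider running the formatter on the dapps file only, or restricting which paths the PR step commits. The `id: update` on the `Check new dapps file` step is also unused now that nothing reads `steps.update.outputs.updated`.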
2 changes: 1 addition & 1 deletion .ic-commit
@@ -1,3 +1,3 @@
# the commit used to pull the state machine executable
# see rust canister tests for more info
c74ce7317761e540d722d01fa6c26a046707f372
4918bb79b1ff24defeec0d596c60796688b5ddec
2 changes: 1 addition & 1 deletion .node-version
@@ -1 +1 @@
18.17.1
18.18.0
10 changes: 5 additions & 5 deletions demos/using-dev-build/package-lock.json

2 changes: 1 addition & 1 deletion demos/using-dev-build/package.json
Expand Up @@ -16,7 +16,7 @@
"@wdio/local-runner": "^8.6.9",
"@wdio/mocha-framework": "^8.6.8",
"@wdio/spec-reporter": "^8.6.8",
"chromedriver": "^115.0.0",
"chromedriver": "^117.0.1",
"prettier": "^2.7.1",
"prettier-plugin-organize-imports": "^3.2.2",
"proxy": "git+https://github.com/nmattia/dfx-proxy",
4 changes: 3 additions & 1 deletion docker-test-env/docker-compose.yml
Expand Up @@ -28,14 +28,16 @@ services:
# Selenium container with chromedriver and chrome
selenium:
# use the seleniarm image that provides multiple architecture variants including one for M1 chips
image: seleniarm/standalone-chromium:104.0
image: seleniarm/standalone-chromium:116.0
ports:
- "4444:4444" # port for the test runner to connect to chromedriver
- "7900:7900" # port to access the page to watch what chrome is doing (http://localhost:7900, pw is secret)
shm_size: '2gb' # allow more memory for chrome to actually render the pages
environment: # default number of sessions is 1. We need more because of flows involving multiple devices (which we simulate using parallel sessions).
- SE_NODE_OVERRIDE_MAX_SESSIONS=true
- SE_NODE_MAX_SESSIONS=5
- SCREEN_WIDTH=1920
- SCREEN_HEIGHT=1080
networks:
- ic
networks:
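Review bot: The `selenium` image is bumped by tag only (`seleniarm/standalone-chromium:116.0`); a tag can be re-pushed, so pinning it as `image: seleniarm/standalone-chromium:116.0@sha256:<digest>` would make the test environment reproducible and guard against a changed upstream image. Since this hunk also tunes the noVNC view via `SCREEN_WIDTH` and `SCREEN_HEIGHT`, note that `"4444:4444"` and `"7900:7900"` publish on all host interfaces while the comment documents the viewer password as `secret`; binding them as `"127.0.0.1:4444:4444"` and `"127.0.0.1:7900:7900"` keeps the WebDriver endpoint and the viewer local to the developer machine.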