UI: [VAULT-19783] Set up root token warning modal #23277
Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
|
Build Results: |
| @@ -32,6 +32,15 @@ | |||
| </div> | |||
| </div> | |||
| <div class="namespace-list {{if this.isAnimating 'animated-list'}}"> | |||
| {{#if this.auth.isRootToken}} | |||
There was a problem hiding this comment.
I opted to follow what's being done in the user menu dropdown see here. hen we use AlertInline, with type warning the icon looks really small and styling gets a little wonky and with type compact the namespace picker dropdown gets pulled to the top (see attached images).
There was a problem hiding this comment.
Looks good to me! Just needs an updated changelog, and one question about the sticky flash message. I imagine this is going to just cause more people frustration and not lead to more people reading the message, unfortunately. It may be unnecessary to make it sticky since we have more information in the namespace picker now
| this.flashMessages.warning( | ||
| 'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.' | ||
| 'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.', | ||
| ENV.environment !== 'development' ? { sticky: true } : {} |
There was a problem hiding this comment.
Is making the flash message sticky necessary?
There was a problem hiding this comment.
This is the alternative we decided in UI sync last week instead of implementing a modal (since that seemed the most disruptive)
But - I'd agree that the overall issue is I think when users are logged out unexpectedly which happens 1. changing namespaces and 2. when we refresh internally
The dropdown alert solves number 1. For number 2 - we could revert the sticky flash message, or make it appear a little bit longer, in favor of tracking down and adding a warning to the "sneaky" times we log people out. What do you think?
There was a problem hiding this comment.
I thought the initial intent of the modal was to warn people after they have clicked a namespace link, before we transition them, to warn that they were about to be logged out due to using a root token. That seems to be where the most complaints have been, which corresponds to your 1 above.
For refreshing internally, it probably would be good to have at least an internal map of when that happens. I haven't heard as many complaints about that but if the longer-lived flash message was discussed to handle that case, that makes sense to me
There was a problem hiding this comment.
We discussed alternatives to the modal during ui sync last week because there was confusion on the original ask.
That's helpful context that most of the complaints were related to changing namespaces. I agree - the namespace picker feels sufficient.
We didn't discuss a longer-lived flash message, but perhaps that can be revisited (along with internal mapping of refreshing) if more user complaints come in after this change
There was a problem hiding this comment.
Amazing thanks Claire + Chelsea for the feedback! I just updated the changelog + removed the sticky from the flash message. If either one of you has time, could you take a look? :)
Description
New designs/ux for the root token warning.