search

processing / p5.js-web-editor

The p5.js Editor is a website for creating p5.js sketches, with a focus on making coding accessible and inclusive for artists, designers, educators, beginners, and anyone else! You can create, share, or remix p5.js sketches without needing to download or configure anything.
https://editor.p5js.org
GNU Lesser General Public License v2.1
1.37k stars 1.32k forks source link

No indication that the current password entered is incorrect when changing password #2965

Closed Keshav-0907 closed 2 months ago

Keshav-0907 commented 8 months ago

Increasing Access

The addition of an alert for an invalid current password during the password reset process in the p5.js Web Editor would streamline user troubleshooting, enhance security, and boost overall confidence.

This improvement ensures users receive prompt feedback, guiding them to correct password entry efficiently, ultimately contributing to a more user-friendly and secure platform, thereby increasing access and user satisfaction.

Feature enhancement details

Issue Description

  1. Go to /account

When reseting the password, if the current password entered is invalid there's no indication that to show that something is wrong in the data entered by the user.

It is crucial to implement to display relevant alert/warning to inform users about the incorrect current password entry, ensuring a smoother and more secure password reset process.

https://github.com/processing/p5.js-web-editor/assets/91189139/f2e6549f-8281-4a69-8734-3d754c5971e7

Possible Solution

We can solve this by implementing a warning when the current password is wrong :

proposed

Keshav-0907 commented 8 months ago

@raclim if you find this issue relevant, could you assign it to me? Thanks!

lindapaiste commented 8 months ago

Good idea. I agree that there should be some sort of feedback here. Either a toast (we show a toast when it's updated successfully), an error on the form like you've shown, or both.

Just adding more info about the API call:

Request URL: https://editor.p5js.org/editor/account
Request Method: PUT
Status Code: 401 Unauthorized

response:

{
    "error": "Current password is invalid."
}

Here's the action that handles the API call. We show a toast on success but nothing on failure. https://github.com/processing/p5.js-web-editor/blob/2b993452f1b77dc1ddbe2d59e033d83056a1a0a8/client/modules/User/actions.js#L276-L288

We could add error toast handling to this action. We can also handle it in the component because you can await the response value from an async thunk action.

https://github.com/processing/p5.js-web-editor/blob/2b993452f1b77dc1ddbe2d59e033d83056a1a0a8/client/modules/User/components/AccountForm.jsx#L47-L49

The react-final-form package supports returning errors from the onSubmit handler. You can return an error for a specific property (currentPassword) or an overall form error. I have to check what our response.error object actually looks like (does it has the 401 status somewhere?) but we can do something along the lines of

async function onSubmit(formProps) {
  const response = await dispatch(updateSettings(formProps));
  if (response && response.error) {
    // return the error in the right format
  }
}
Keshav-0907 commented 8 months ago

Yes, we get a 401 status when the current password is invalid.

https://github.com/processing/p5.js-web-editor/blob/91e5b79069c7d38555082b6f25bd566b8dbf74af/server/controllers/user.controller.js#L344-L352

And I think toast for error handling would be a better choice, given that it aligns well with our current UI design, maintaining a cohesive and familiar user experience.

If you agree with the approach, could you please assign this issue to me?

I also tried implementing the toast for error handling. Here's a preview of how it looks:

https://github.com/processing/p5.js-web-editor/assets/91189139/f58ffa44-71a6-4bfa-9686-0b6ac3f7d511

Keshav-0907 commented 8 months ago

@lindapaiste Can you please review this PR ?