Add button to reset access keys

[zackkatz]

• Needs double opt-in, like GitHub "DELETE" dialog
• The double opt-in MUST NOT process if the dialog doesn't load. Too many times there are JS errors on a site.

When successful:

• Pings the SaaS will be notified that a reset has occurred.
• Regenerates the encryption keys.

[inztinkt]

The double opt-in MUST NOT process if the dialog doesn't load. Too many times there are JS errors on a site.

Can you show me a screenshot of the GH dialog? Want to confirm if we're using an alert/modal or inline notice.

[zackkatz]

@inztinkt

1. Have "Danger Zone"-like section

2. Button shows modal

• The modal requires typing confirmation text.
• The confirm button is disabled until the confirmation text is typed in properly

3. Forces confirm password

Not sure this would work in WP, but it's one more step, since this is a big change. I think this prevents a "person walked away from their computer without locking the screen" attack.

4. Show confirmation that the [keys were cycled]

[inztinkt]

@zackkatz For Step 3, should they be asked to log back into their WP site or TL SaaS?

[zackkatz]

@inztinkt For now, let's skip Step 3 and make sure to check nonces when completing the cycling.

[inztinkt]

@zackkatz Should 'danger zone' go on the bottom of the settings page or on it's own settings page?

[inztinkt]

@zackkatz I've built this to leverage the browsers' usual confirm dialogue.

I can certainly add the secondary confirmation and warning if you'd like. Just need to confirm what the UX/output/etc should contain and if you want it in a modal/alert/etc.

[zackkatz]

@zackkatz Should 'danger zone' go on the bottom of the settings page or on it's own settings page?

Let's wait for Tracy to weigh in on this.

[zackkatz]

Closing for now—it'll need redesign.