Closed maximilianoertel closed 2 weeks ago
Status | Category | Percentage | Covered / Total |
---|---|---|---|
🔵 | Lines | 4.56% | 349 / 7647 |
🔵 | Statements | 4.5% | 380 / 8427 |
🔵 | Functions | 5.6% | 105 / 1872 |
🔵 | Branches | 2.32% | 107 / 4593 |
Visit the preview URL for this PR (updated for commit 3992f39):
https://roar-staging--pr832-ref-318-query-compos-qrqq44z0.web.app
(expires Mon, 07 Oct 2024 21:10:02 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
Sign: 2631e9c58fd0104ecbfddd72a62245ddac467460
Passed #7550 • 3992f39b97: Component Tests for PR 832 "Fix consent modal race condition" from commit "3992f...
Project | roar-dashboard-e2e |
---|---|
Branch Review | ref/318/query-composables-consent-modals |
Run status | Passed #7550 |
Run duration | 01m 35s |
Commit | 3992f39b97: Component Tests for PR 832 "Fix consent modal race condition" from commit "3992f... |
Committer | Maximilian Oertel |
Test results | |
---|---|
Failures | 0 |
Flaky | 0 |
Pending | 0 |
Skipped | 0 |
Passing | 2 |
@richford can you please take a look at this one and confirm whether the introduced changes in regards to error handling are okay? In other words: is it correct that a user should not be able to use the dashboard until their consent was given?
Proposed changes
This PR introduces changes to the consent logic to eliminate issues that were causing the consent forms to show even though consent had already been given. This was mostly caused by a race condition when user data was not yet fully loaded.
Additionally, this PR slightly improves error handling by adding a loading state to the consent acceptance button and adding an error toast in case of consent update failure.
Finally, this PR introduces DOMPurify to sanitize the markdown/html output rendered in the consent modal in order to reduce the possibility of an XSS attack.

Important: The introduced error handling changes make the consent fully mandatory, blocking the user in case of consent update failure whilst beforehand the user could continue within the application despite the consent not being given.
Before
https://github.com/user-attachments/assets/4a1f6dd5-920f-4fd3-895b-3d77d6a5ffcb
After
https://github.com/user-attachments/assets/9891df01-d203-45ef-b399-29beff30e89c
https://github.com/user-attachments/assets/1446f9d7-9d21-48d3-814e-65c4423c1d39
Types of changes
Checklist
Justification of missing checklist items
n/a
Further comments
n/a
Ref https://github.com/yeatmanlab/roar/issues/318
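
The race condition and the fail-closed behaviour described in this PR can be modelled as a small state reducer. This is an added example, not code from the PR or from roar-dashboard; every name in it (`naiveShowModal`, `reduce`, `view`, `replay`, the event types and the `hasConsented` flag) is hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not roar-dashboard code.

// Racy check: "user data not loaded yet" looks identical to "never consented",
// so the modal appears for users whose consent is already on file.
function naiveShowModal(userData) {
  return !userData?.hasConsented;
}

const initialState = { user: 'pending', hasConsented: false, save: 'idle', toast: null };

// Pure reducer over the events the consent flow can receive.
function reduce(state, event) {
  switch (event.type) {
    case 'USER_LOADED':
      return { ...state, user: 'loaded', hasConsented: event.hasConsented === true };
    case 'ACCEPT_CLICKED':
      // Ignore repeated clicks while a save is in flight.
      return state.save === 'saving' ? state : { ...state, save: 'saving', toast: null };
    case 'SAVE_OK':
      return { ...state, save: 'idle', hasConsented: true };
    case 'SAVE_FAILED':
      // Fail closed: consent stays false, so the dashboard stays blocked.
      return { ...state, save: 'failed', toast: 'Consent could not be saved.' };
    default:
      return state;
  }
}

// What the UI may render for a given state.
function view(state) {
  // Decide nothing until user data has loaded: no modal, no dashboard.
  if (state.user !== 'loaded') {
    return { modal: false, dashboard: false, buttonLoading: false };
  }
  return {
    modal: !state.hasConsented,
    dashboard: state.hasConsented,
    buttonLoading: state.save === 'saving',
  };
}

// Replays a constructed event sequence from the initial state.
function replay(events) {
  return events.reduce((state, event) => reduce(state, event), initialState);
}
```
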