Add wantsauth handling to My Shots #2414
Comments
second time now that I've assigned this to myself, mistakenly thinking it was an addon bug :-P |
I suppose it is site-only, though the chance of it requiring add-on refactoring are relatively high. |
Aight, I'll take a swing at it. I've mostly avoided the site code up till now, but the usage of wantsauth seems straightforward. |
@ianb OK, I think I understand the issue here with the auth flow: shotindex/server checks for req.deviceId, but we can't lazily set the deviceId until server.js has actually rendered the page. What I don't understand is why we'd want the 404 page to handle the auth check: if you are a screenshots user, and get sent to someone else's bad screenshot URL, we wouldn't want to bounce you back to your shots, we'd want to leave you at that 404 page. Two suggestions / ideas: Might it make sense to change the refreshModel code on the search page to include updating the wantsauth state? That way, My Shots could just show an introductory "looking for your shots" gif if a user isn't logged in, then show shots when the user gets authed. Or, we could bounce un-authed users to an auth check page, oauth-style, where we'd just say something like "Logging you in, click here if this page doesn't refresh in N seconds...", do the wantsauth check, then either redirect from that page back to My Shots, or redirect to the landing page for non-screenshots users? |
Whether it's a 404 page or an empty/loading My Shots page, I guess doesn't matter? My Shots already has support to dynamically refresh itself, so we could make use of that... or reload. But, if I send the My Shots link to someone without Screenshots, they should get something other than a loading page, like a 404 or a bounce to the homepage. |
Cool, thanks. I guess I'll try something like this approach:
I'll try 5-10 sec as a wantsauth timeout on my ancient loaner windows laptop, see if that's a reasonable upper bound for older hardware. |
Note that we want to support other browsers soonish, so ideally the UA bounce would happen after a possible login. |
Fix #2414, lazily check auth state on My Shots page
In #2413 there is handling for authenticating requests after page load. But that ticket only works for individual shot pages, so if you haven't saved from Page Shot in a session and you visit My Shots you will appear unauthenticated.
To fix this we need to wire My Shots authentication failures to
wantsauth
. Right now My Shots redirects, but I would propose we change it to a 404. Then the 404 page should includewantsauth
and try to request authentication. If it does receive authentication then probably we could just reload the page, since the cookie is now set.The text was updated successfully, but these errors were encountered: