-
-
Notifications
You must be signed in to change notification settings - Fork 829
Conversation
Covers the minimum of element-hq/element-web#7153 This does not handling automatically accepting/blocking widgets yet, however. This could lead to dialog irritation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2 comments, otherwise lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have read through your proposal snippet and the original issue. This is my first time looking at the code related to widgets, but I am hoping to understand it better through this review. 😄
|
||
// True to put the toggle in front of the label | ||
// Default false. | ||
toggleInFront: PropTypes.bool, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we sometimes want the opposite order?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, well, technically it's fine. I'd suggest asking Nad if he would prefer only having one layout of toggles or if he agrees it seems better reversed as you've done it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Summarizing the discussion from earlier today: We'll take care of this in element-hq/element-web#7566
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we are getting close! I'd like to know more about the user widgets first before approving.
throw new Error("No matching user widget to form security key"); | ||
} | ||
|
||
widgetLocation = userWidget.sender; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the sender of a user widget always yourself? (That's what it seems to be for stickerpicker widget, at least...)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, it has to be. They are stored in account data and other places enforce this assumption.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, I think this looks good to me! 😁 Thanks for working through the security details with me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Fixes element-hq/element-web#7153
The proposal for this is part of https://github.com/matrix-org/matrix-doc/issues/1286. The relevant snippet (and therefore draft) is available here: https://gist.github.com/turt2live/669bbffe882c8541f057daeb29e18b86
As a proof of concept, I've also created a Dimension widget which does nothing more than report your user ID back to you - all without using the
scalar_token
provided in the query string, and without you having to configure your client to point at a Dimension instance.Testing procedure:
/devtools
, create anim.vector.modular.widgets
state event with state keyreauthwidget
and content of:creatorUserId
to be your user ID.To repeat the process, refresh the page. There's currently an unrelated bug that prevents reloading the widget from being enough to unstick the state: the whole page needs to be refreshed. This will be addressed in a different PR (#2799).
Source for the widget: https://github.com/turt2live/matrix-dimension/blob/master/web/app/widget-wrappers/reauth-example/reauth-example.component.ts
This is being PR'd as a community member: