✨ New OpenID first login UX

[lelemm]

Changed the first login with OpenID UX:

• Password validation so the user can only review the openid (on first login) if it has the credentials for it
• Password validation for the first user login with openid to eliminate racing condition of the first user

Steps to test this.

• Clone my branch
• run yarn
• run rm -rf packages/sync-server/server-files to delete all server files
• run rm packages/sync-server/.migrate to delete old migrations
• run yarn start:server-dev
• Open localhost:5006
• Enable feature flag for OpenID
• Enable OpenId (to make easier to test, use passwordless.id provider)
• Ctrl+f5 to ensure that you don't have the frontend cached
• Test this new form.
  • You should only be able to review openid configurations using the server password (avoiding bad actors)
  • You should only be able to login as first user after inserting the server password (avoiding bad actors)

[netlify]

✅ Deploy Preview for actualbudget ready!

Name	Link
🔨 Latest commit	37c70a2
🔍 Latest deploy log	https://app.netlify.com/sites/actualbudget/deploys/67e299be11456b000863e353
😎 Deploy Preview	https://deploy-preview-4446.demo.actualbudget.org
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[lelemm]

/update-vrt

[github-actions]

Bundle Stats — desktop-client

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count	Total bundle size	% Changed
18	8.5 MB → 8.5 MB (+3.93 kB)	+0.05%

Changeset

File	Δ	Size
node_modules/clsx/dist/clsx.js	🆕 +509 B	0 B → 509 B
node_modules/clsx/dist/clsx.js?commonjs-module	🆕 +27 B	0 B → 27 B
src/components/manager/subscribe/Login.tsx	📈 +3.8 kB (+39.22%)	9.68 kB → 13.48 kB
home/runner/work/actual/actual/packages/component-library/src/Input.tsx	📈 +242 B (+14.90%)	1.59 kB → 1.82 kB
src/components/manager/subscribe/ConfirmPasswordForm.tsx	📈 +30 B (+0.61%)	4.8 kB → 4.83 kB
node_modules/react-grid-layout/build/ReactGridLayout.js	📉 -1 B (-0.00%)	24.96 kB → 24.96 kB
node_modules/react-grid-layout/build/GridItem.js	📉 -1 B (-0.00%)	21.49 kB → 21.49 kB
node_modules/react-grid-layout/build/components/WidthProvider.js	📉 -1 B (-0.02%)	5.22 kB → 5.22 kB
src/components/manager/subscribe/OpenIdForm.tsx	📉 -234 B (-1.55%)	14.73 kB → 14.5 kB
node_modules/clsx/dist/clsx.mjs	🔥 -368 B (-100%)	368 B → 0 B
node_modules/clsx/dist/clsx.mjs?commonjs-proxy	🔥 -64 B (-100%)	64 B → 0 B

View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

Asset	File Size	% Changed
static/js/index.js	5.5 MB → 5.51 MB (+4 kB)	+0.07%

Smaller

Asset	File Size	% Changed
static/js/ReportRouter.js	1.59 MB → 1.59 MB (-67 B)	-0.00%

Unchanged

Asset	File Size	% Changed
static/js/en-GB.js	5.37 kB	0%
static/js/de.js	121.27 kB	0%
static/js/resize-observer.js	18.37 kB	0%
static/js/es.js	65.71 kB	0%
static/js/indexeddb-main-thread-worker-e59fee74.js	13.5 kB	0%
static/js/uk.js	110.59 kB	0%
static/js/workbox-window.prod.es5.js	5.69 kB	0%
static/js/fr.js	128.02 kB	0%
static/js/en.js	110.12 kB	0%
static/js/nl.js	102.79 kB	0%
static/js/pt-BR.js	120.98 kB	0%
static/js/BackgroundImage.js	122.29 kB	0%
static/js/useAccountPreviewTransactions.js	1.69 kB	0%
static/js/AppliedFilters.js	10.87 kB	0%
static/js/wide.js	112.23 kB	0%
static/js/narrow.js	383.22 kB	0%

[github-actions]

Bundle Stats — loot-core

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count	Total bundle size	% Changed
1	2.28 MB → 2.28 MB (+384 B)	+0.02%

Changeset

File	Δ	Size
packages/loot-core/src/server/main.ts	📈 +569 B (+1.63%)	34.11 kB → 34.67 kB

View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

Asset	File Size	% Changed
kcab.worker.js	2.28 MB → 2.28 MB (+384 B)	+0.02%

Smaller

No assets were smaller

Unchanged

No assets were unchanged

[coderabbitai]

Walkthrough

The changes encompass modifications to both UI components and server-side authentication processes. In the desktop client, the ConfirmOldPasswordForm function is updated to include an optional style parameter for dynamic styling. The OpenIdLogin component introduces new state variables for managing first-time login passwords and OpenID configuration data, while the OpenIdForm component now accepts OpenID configuration data directly via a new prop. On the server side, the get-openid-config handler has transitioned from a GET to a POST request, requiring a password parameter and enhancing error handling. Additionally, the sync-server now validates first-time login passwords through a new checkPassword function, with corresponding updates to login function calls and the /config endpoint, which now includes password verification. Lastly, the InputProps type in the Input component is now exported for broader accessibility.

Suggested labels

:sparkles: Merged

Suggested reviewers

• matt-fidd
• youngcw

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b1a62be and 37c70a2.

📒 Files selected for processing (3)

• packages/desktop-client/src/components/manager/subscribe/Login.tsx (12 hunks)
• packages/loot-core/src/server/main.ts (2 hunks)
• packages/loot-core/src/types/server-handlers.d.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/loot-core/src/types/server-handlers.d.ts

🧰 Additional context used

🧬 Code Definitions (1)

packages/loot-core/src/server/main.ts (3)

packages/loot-core/src/server/post.ts (1)

• post (35-90)

packages/loot-core/src/server/server-config.ts (1)

• getServer (37-58)

packages/loot-core/src/types/models/openid.d.ts (1)

• OpenIdConfig (1-8)

⏰ Context from checks skipped due to timeout of 90000ms (7)

• GitHub Check: Visual regression
• GitHub Check: Functional
• GitHub Check: build (windows-latest)
• GitHub Check: build (macos-latest)
• GitHub Check: build (ubuntu-latest)
• GitHub Check: Build Docker image (alpine)
• GitHub Check: Build Docker image (ubuntu)

🔇 Additional comments (8)

packages/loot-core/src/server/main.ts (1)

905-925: Improved security with password verification for OpenID configuration.

The handler now requires a password parameter and uses POST instead of GET, which enhances security by:

1. Ensuring only authorized users with correct password can access OpenID configuration
2. Preventing sensitive parameters from appearing in URL/logs (by using POST)
3. Improved error handling with more specific error messages

This aligns with the PR's objective of implementing password validation for OpenID credentials access.

packages/desktop-client/src/components/manager/subscribe/Login.tsx (7)

97-98: Good state management for the new password verification feature.

Adding state variables for openIdConfig and firstLoginPassword correctly manages both the user input and the fetched configuration data, separating concerns appropriately.

---

121-121: Password is now correctly passed during OpenID sign-in.

Including the password in the sign-in request is essential for implementing the first-login security validation described in the PR objectives.

---

147-157: User-friendly password input for first-time OpenID login.

The conditional rendering of the password input field when warnMasterCreation is true provides a good user experience by only showing the field when needed and clearly indicating its purpose with the placeholder text.

---

168-175: Enhanced UX with disabled button and context-aware text.

The submit button is appropriately disabled when a password is required but not provided, preventing invalid form submissions. The button text changes based on context to clearly indicate the action being taken (start using vs. sign in).

---

188-201: Secure access to OpenID configuration with password verification.

The "Review OpenID configuration" button now:

1. Requires a password for first-time users (disabled until password is entered)
2. Passes the password to the server for validation
3. Properly handles errors and updates the UI state

This implements the PR objective of ensuring users can only review OpenID credentials with the correct password.

---

214-249: Improved OpenID configuration review experience.

The updated OpenID form:

1. Clearly indicates its purpose with appropriate styling and text
2. Properly passes the retrieved configuration data to the form
3. Provides a cancel option that resets state
4. Maintains clean separation of concerns with the parent component

The addition of setFirstLoginPassword('') when canceling is particularly important to reset sensitive state.

---

379-415: Enhanced login method selection UI with improved accessibility.

The login method selection has been refactored to use a Popover and Menu component, which:

1. Provides a more modern and accessible UI pattern
2. Maintains a clean separation of methods
3. Only shows methods that aren't currently selected
4. Properly resets error state when changing methods

This is a good UI improvement that complements the OpenID login enhancements.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

packages/sync-server/src/app-openid.js (1)

60-84: LGTM! The password validation and error handling look good.

The changes correctly implement password validation for the OpenID configuration endpoint and follow RESTful practices by using POST instead of GET.

Consider adding a more descriptive error message to help users understand why their password was invalid:

-    res.status(400).send({ status: 'error', reason: 'invalid-password' });
+    res.status(400).send({
+      status: 'error',
+      reason: 'invalid-password',
+      details: 'The provided password is incorrect'
+    });

packages/desktop-client/src/components/manager/subscribe/Login.tsx (2)

141-151: Add client-side password validation.

While the password is required for first-time login, there's no client-side validation of password strength. Consider adding password requirements feedback to enhance security and user experience.

 <BigInput
   autoFocus={true}
   placeholder={t('Enter server password')}
   type="password"
+  pattern="^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$"
+  title={t('Password must be at least 8 characters and include both letters and numbers')}
   onChangeValue={newValue => {
     setFirstLoginPassword(newValue);
   }}
   style={{ flex: 1 }}
 />

---

183-195: Add loading state during OpenID configuration fetch.

The configuration review button should show a loading state while fetching the OpenID configuration to provide better user feedback.

+const [isLoading, setIsLoading] = useState(false);

 onPress={() => {
+  setIsLoading(true);
   send('get-openid-config', {
     password: firstLoginPassword,
   }).then(config => {
     if ('error' in config) {
       setError(config.error);
     } else if ('openId' in config) {
       setError(null);
       setOpenIdConfig(config.openId);
       setReviewOpenIdConfiguration(true);
     }
+    setIsLoading(false);
   });
 }}
+isLoading={isLoading}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f413fa0 and 4918a85.

⛔ Files ignored due to path filters (1)

• upcoming-release-notes/4446.md is excluded by !**/*.md

📒 Files selected for processing (9)

• packages/desktop-client/src/components/manager/subscribe/ConfirmPasswordForm.tsx (2 hunks)
• packages/desktop-client/src/components/manager/subscribe/Login.tsx (7 hunks)
• packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (3 hunks)
• packages/loot-core/src/server/main.ts (1 hunks)
• packages/loot-core/src/types/server-handlers.d.ts (1 hunks)
• packages/sync-server/src/accounts/openid.js (3 hunks)
• packages/sync-server/src/accounts/password.js (1 hunks)
• packages/sync-server/src/app-account.js (1 hunks)
• packages/sync-server/src/app-openid.js (3 hunks)

🧰 Additional context used

🪛 Biome (1.9.4)

packages/loot-core/src/server/main.ts

[error] 1290-1291: This is an unexpected use of the debugger statement.

Unsafe fix: Remove debugger statement

(lint/suspicious/noDebugger)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build Docker image (alpine)

🔇 Additional comments (9)

packages/sync-server/src/accounts/password.js (1)

126-148: LGTM! The password validation implementation is secure and follows best practices.

The function correctly:

• Validates password format
• Retrieves password hash securely
• Uses bcrypt for password comparison

packages/desktop-client/src/components/manager/subscribe/ConfirmPasswordForm.tsx (1)

98-102: LGTM! The style customization follows React best practices.

The optional style parameter with null default and spread operator usage is correct.

Also applies to: 129-129

packages/sync-server/src/accounts/openid.js (1)

77-80: LGTM! The password parameter addition enhances security.

The optional parameter with empty string default is appropriate for backward compatibility.

packages/loot-core/src/types/server-handlers.d.ts (1)

292-298: LGTM! The type definition correctly reflects the new password requirement.

The updated method signature properly enforces the password parameter while maintaining the existing return type structure.

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (2)

28-28: LGTM! The prop type correctly reflects the new data flow.

The openIdData prop is properly typed as optional and uses the OpenIdConfig type.

---

67-73: LGTM! The effect correctly handles the provided OpenID data.

The implementation safely accesses properties using nullish coalescing and properly updates the form state.

packages/loot-core/src/server/main.ts (1)

1288-1309: LGTM! The handler correctly implements password validation.

The implementation:

• Properly accepts and validates the password parameter
• Makes a POST request to the correct endpoint
• Includes the user token in headers
• Handles errors appropriately

🧰 Tools

🪛 Biome (1.9.4)

[error] 1290-1291: This is an unexpected use of the debugger statement.

Unsafe fix: Remove debugger statement

(lint/suspicious/noDebugger)

packages/desktop-client/src/components/manager/subscribe/Login.tsx (2)

21-21: LGTM: New imports and state variables are well-defined.

The new state variables and imports are properly typed and align with the PR objectives for implementing password validation during first-time OpenID login.

Also applies to: 91-92

---

364-370: LGTM: Improved login methods organization.

The conditional rendering of login methods is now more organized and maintainable. The separation of concerns between different login methods is well-implemented.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/desktop-client/src/components/manager/subscribe/Login.tsx (2)

142-152: Consider adding password validation requirements.

While the password input is implemented correctly, consider adding validation requirements (minimum length, complexity, etc.) to ensure secure passwords for server owners.

 <Input
   autoFocus={true}
   placeholder={t('Enter server password')}
   type="password"
+  minLength={8}
+  pattern="^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$"
+  title={t('Password must be at least 8 characters and contain both letters and numbers')}
   onChangeValue={newValue => {
     setFirstLoginPassword(newValue);
   }}
   style={{ flex: 1 }}
 />

---

184-196: Add loading state during OpenID configuration fetch.

The configuration fetch operation lacks a loading indicator, which might lead to a poor user experience if the server response is slow.

+const [isLoading, setIsLoading] = useState(false);

 <Button
   variant="bare"
   isDisabled={firstLoginPassword === '' && warnMasterCreation}
   onPress={() => {
+    setIsLoading(true);
     send('get-openid-config', {
       password: firstLoginPassword,
     }).then(config => {
       if ('error' in config) {
         setError(config.error);
       } else if ('openId' in config) {
         setError(null);
         setOpenIdConfig(config.openId);
         setReviewOpenIdConfiguration(true);
       }
+      setIsLoading(false);
     });
   }}
   style={{ marginTop: 5 }}
 >
+  {isLoading ? (
+    <AnimatedLoading style={{ width: 16, height: 16 }} />
+  ) : (
     <Trans>Review OpenID configuration</Trans>
+  )}
 </Button>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4918a85 and 6f5585e.

📒 Files selected for processing (1)

• packages/desktop-client/src/components/manager/subscribe/Login.tsx (10 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (7)

• GitHub Check: build (macos-latest)
• GitHub Check: build (windows-latest)
• GitHub Check: Analyze
• GitHub Check: build (ubuntu-latest)
• GitHub Check: Build Docker image (alpine)
• GitHub Check: Wait for Netlify build to finish
• GitHub Check: Build Docker image (ubuntu)

🔇 Additional comments (3)

packages/desktop-client/src/components/manager/subscribe/Login.tsx (3)

7-8: LGTM! New imports and state variables are well-structured.

The new imports and state variables are properly organized and align with the PR's objective of enhancing the OpenID first login UX.

Also applies to: 20-20, 23-24, 92-93

---

363-398: LGTM! Login method selection UI is well-implemented.

The new login method selection UI using Popover and Menu components provides a better user experience while maintaining proper state management and error handling.

---

16-16:

✅ Verification successful

Verify OpenID configuration type structure.

Ensure that the OpenID configuration type (OpenIdConfig) properly defines all required fields for secure OpenID authentication.

Also applies to: 92-92, 219-219

---

🏁 Script executed:

#!/bin/bash
# Description: Check OpenID configuration type definition
ast-grep --pattern 'type OpenIdConfig = {
  $$$
}'

Length of output: 553

---

OpenID Config Structure Verified

The OpenID configuration type (OpenIdConfig) in packages/loot-core/src/types/models/openid.d.ts includes all the required fields—selectedProvider, issuer, client_id, client_secret, and server_hostname—and meets our security criteria. No further changes are needed; just ensure that all references (including at lines 92 and 219) consistently use this definition.

[lelemm]

/update-vrt

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6f5585e and 36c3f42.

📒 Files selected for processing (3)

• packages/desktop-client/src/components/common/Input.tsx (3 hunks)
• packages/desktop-client/src/components/manager/subscribe/Login.tsx (12 hunks)
• packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (10 hunks)

🧰 Additional context used

🪛 GitHub Check: lint

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx

[warning] 19-19:
../../common/Input import should occur before import of ../../common/Link

---

[warning] 20-20:
../../responsive/ResponsiveProvider import should occur before import of ../../ServerContext

---

[failure] 221-221:
Insert ·

🪛 ESLint

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx

[error] 221-221: Insert ·

(prettier/prettier)

🪛 GitHub Actions: Test

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx

[warning] 19-19: ../../common/Input import should occur before import of ../../common/Link (import/order)

---

[warning] 20-20: ../../responsive/ResponsiveProvider import should occur before import of ../../ServerContext (import/order)

---

[error] 221-221: Insert · (prettier/prettier)

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: build (windows-latest)
• GitHub Check: Build Docker image (alpine)
• GitHub Check: build (ubuntu-latest)
• GitHub Check: Wait for Netlify build to finish
• GitHub Check: Analyze
• GitHub Check: Build Docker image (ubuntu)

🔇 Additional comments (18)

packages/desktop-client/src/components/common/Input.tsx (3)

14-14: New import added to support responsive input component.

The import for useResponsive is appropriately placed and will be used by the new ResponsiveInput component.

---

26-26: Good change: exporting InputProps type.

Exporting the InputProps type improves reusability and allows for better type checking in components that use these inputs.

---

116-120: Well-implemented responsive input component.

The new ResponsiveInput component elegantly switches between BigInput and Input based on screen width. This improves the user experience on different device sizes, particularly for the OpenID login form.

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (6)

29-29: Good API change: replacing loadData with openIdData.

Replacing the boolean loadData prop with a strongly-typed openIdData object improves the component API and makes the data flow more explicit.

---

67-74: Improved data handling for OpenID configuration.

The component now directly uses the provided configuration data rather than fetching it asynchronously. This is a better architectural approach that follows the principle of passing data through props.

---

137-144: Enhanced inputs with responsive behavior.

Replacing Input with ResponsiveInput improves the user experience on different device sizes.

---

172-179: Enhanced inputs with responsive behavior.

Replacing Input with ResponsiveInput for the Client ID field improves the user experience on different device sizes.

---

192-199: Enhanced inputs with responsive behavior.

Replacing Input with ResponsiveInput for the Client Secret field improves the user experience on different device sizes.

---

431-432: Enhanced select component with responsive styling.

Adding conditional styling based on screen width improves the user experience on mobile devices.

packages/desktop-client/src/components/manager/subscribe/Login.tsx (9)

66-73: Good migration to ResponsiveInput.

Replacing Input with ResponsiveInput for the password field makes the UI more responsive across different device sizes.

---

77-81: Enhanced button styling with responsive properties.

The button styling now adapts to screen size, ensuring a better user experience on mobile devices.

---

97-99: Good addition of state variables for OpenID login flow.

The new state variables effectively manage the OpenID configuration and first-time login password, which are crucial for the enhanced security flow.

---

121-121: Security enhancement: Password included in OpenID sign-in request.

Including the password in the sign-in request improves security by ensuring that only authenticated users can proceed with OpenID login, particularly for the first user.

---

139-157: Well-implemented password field for first-time OpenID login.

The conditional rendering of the password field for first-time login effectively addresses the security requirement to validate the user before allowing OpenID setup.

---

161-174: Good UX: Button state and text based on context.

The button is properly disabled when a password is required but not provided, and the text changes appropriately based on whether it's a first-time login.

---

188-201: Security enhancement: Password validation for OpenID configuration review.

Including the password in the request to fetch OpenID configuration prevents unauthorized access to sensitive configuration details.

---

214-249: Improved OpenIdForm integration.

The OpenIdForm now receives the configuration data directly as a prop rather than fetching it internally. The cancel button appropriately resets the state, including the password.

---

366-412: Enhanced login method selection UI.

The login method selection has been improved with a popover menu that clearly separates the active method from available alternatives. This enhances user experience by providing a cleaner interface.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/desktop-client/src/components/manager/subscribe/Login.tsx (1)

218-218: Remove extra space in style property

There's an extra space after the 'bold' value which should be removed.

-              fontWeight: 'bold ',
+              fontWeight: 'bold',

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9cfa52b and 150da01.

📒 Files selected for processing (1)

• packages/desktop-client/src/components/manager/subscribe/Login.tsx (12 hunks)

🔇 Additional comments (8)

packages/desktop-client/src/components/manager/subscribe/Login.tsx (8)

96-97: Added new state variables for OpenID first login flow

These new state variables enhance the OpenID login experience by storing the OpenID configuration and password for first-time login scenarios. This matches the PR objective of implementing password validation during first login.

---

120-120: Password now included in OpenID sign-in request

Good addition of the password parameter to the sign-in request, which supports the PR objective of implementing password validation for first-time OpenID login.

---

146-156: Password input conditionally rendered for first-time login

The conditional rendering of the password input field when warnMasterCreation is true is well-implemented. This properly supports the PR objective of requiring password validation during first login with OpenID.

---

167-167: Button disabled when password is empty

Good UX enhancement to disable the login button when password is required but not provided, preventing submission of invalid forms.

---

169-173: Dynamic button text based on login scenario

The conditional text for the button improves user experience by clearly differentiating between first-time setup and regular sign-in.

---

187-200: Password validation for OpenID configuration review

This implementation correctly addresses the PR objective by requiring password verification before allowing users to review OpenID configuration during first login. The error handling is comprehensive.

---

238-238: Password state reset when cancelling

Good practice to reset the password state when cancelling the operation, preventing sensitive data from persisting in memory longer than necessary.

---

293-414: Improved login method selection UI

The login method selection has been enhanced with a dropdown menu using Popover and Menu components, which provides a more intuitive user experience compared to the previous implementation.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/component-library/src/Input.tsx (1)

11-11: Fix import ordering.

The import of useResponsive should appear before the import of ./styles according to project conventions.

-import { styles, type CSSProperties } from './styles';
-import { theme } from './theme';
-import { useResponsive } from './hooks/useResponsive';
+import { useResponsive } from './hooks/useResponsive';
+import { styles, type CSSProperties } from './styles';
+import { theme } from './theme';

🧰 Tools

🪛 GitHub Check: lint

[warning] 11-11:
./hooks/useResponsive import should occur before import of ./styles

🪛 GitHub Actions: Test

[warning] 11-11: ./hooks/useResponsive import should occur before import of ./styles import/order

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 150da01 and 8631bec.

📒 Files selected for processing (3)

• packages/component-library/src/Input.tsx (3 hunks)
• packages/desktop-client/src/components/manager/subscribe/Login.tsx (12 hunks)
• packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (10 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/desktop-client/src/components/manager/subscribe/Login.tsx

🧰 Additional context used

🪛 GitHub Check: lint

packages/component-library/src/Input.tsx

[warning] 11-11:
./hooks/useResponsive import should occur before import of ./styles

🪛 GitHub Actions: Test

packages/component-library/src/Input.tsx

[warning] 11-11: ./hooks/useResponsive import should occur before import of ./styles import/order

⏰ Context from checks skipped due to timeout of 90000ms (7)

• GitHub Check: build (macos-latest)
• GitHub Check: build (windows-latest)
• GitHub Check: build (ubuntu-latest)
• GitHub Check: Wait for Netlify build to finish
• GitHub Check: Analyze
• GitHub Check: Build Docker image (alpine)
• GitHub Check: Build Docker image (ubuntu)

🔇 Additional comments (12)

packages/component-library/src/Input.tsx (2)

23-30: LGTM! Enhanced type accessibility.

Making the InputProps type exported allows it to be reused in other components, improving modularity.

---

106-110: Good addition of responsive input component.

The ResponsiveInput component elegantly handles responsive rendering based on screen width, which will improve user experience across different devices.

packages/desktop-client/src/components/manager/subscribe/OpenIdForm.tsx (10)

6-7: LGTM! Added responsive functionality imports.

The addition of these imports enables responsive behavior in the form.

---

29-29: Improved data flow architecture.

Changed from a boolean flag that triggers data loading to directly passing the OpenID configuration data. This is a better pattern as it makes the component more predictable and testable.

---

49-52: LGTM! Enhanced component with responsive capabilities.

Adding the useResponsive hook enables the component to adapt to different screen sizes.

---

67-74: Simplified data handling.

The effect now directly uses the passed openIdData instead of making an API call. This streamlines the data flow and reduces unnecessary network requests.

---

137-144: Enhanced input with responsive behavior.

Replacing Input with ResponsiveInput improves the user experience across different screen sizes.

---

172-180: LGTM! Consistent use of responsive inputs.

Using ResponsiveInput consistently throughout the form ensures a cohesive user experience.

---

192-199: LGTM! Consistent use of responsive inputs.

Using ResponsiveInput consistently throughout the form ensures a cohesive user experience.

---

221-221: LGTM! Added responsive styling.

The conditional styling based on screen width enhances the user experience on smaller devices.

---

410-410: LGTM! Added responsive functionality to the provider selector.

Adding responsive capabilities to the provider selector component ensures consistent behavior across the form.

---

431-431: LGTM! Consistent responsive styling.

The conditional styling based on screen width is consistently applied across components.