🔐 Require password confirmation for OpenPGP key replacement #1256
Draft
t2d wants to merge 6 commits into
Co-authored-by: opencode <opencode@noreply.opencode.ai>
Co-authored-by: GitHub Copilot <copilot@noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move the account-password step out of the upload modal and into a visually distinct second overlay so it cannot be mistaken for the OpenPGP key's passphrase. The new overlay has its own icon, copy, and colour treatment and spells out that the field asks for the Userli account password, not the key's passphrase.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
25b6aa6 to 5a31080
- Name the default-exported class
- Mark static targets as readonly
- Replace void offsetHeight idiom with getBoundingClientRect() to force reflow
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…odal
Restore the OpenPGP upload modal to upstream markup (no password field,
no "Continue" button) and lift the password-confirmation step into a
generic `_password_verification_modal.html.twig` partial used by both
the replace flow and all existing delete flows (alias, account, domain,
OpenPGP).

- New partial supports two modes:
  * Standalone (default) — emits its own <form> with CSRF token and
    POSTs to `modal_action`. Current delete flows keep working.
  * External form — when `external_form_id` is set, the password input
    and submit button are bound to a form elsewhere on the page via
    HTML5 `form=` attributes.
- New `openpgp-replace` Stimulus controller extends the generic modal:
  the "Replace" button fires `modal#open openpgp-replace#arm`; the
  controller intercepts the next submit of the upload form and shows
  this password modal, which then POSTs the upload payload together
  with the account password via the HTML5 `form=` binding. Arming is
  cleared on cancel / close or when the "Upload" button is used next.
- OpenPgpKeyType and its form model revert to upstream (no password
  field). The controller now reads the password from the raw request
  payload for the replace check.
- Copy tweaked to drop the product name ("Userli") and to not require
  an email interpolation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>



Summary
Why
Issue #1168 points out inconsistent protection in the OpenPGP flow. Replacing an existing key is a sensitive action and should require step-up authentication. Keeping the account-password field in the same panel as the key-upload fields risked users reading it as "the passphrase for the key you're about to upload" — the dedicated overlay spells out that it is the Userli account password instead.
Screenshots
Step 1 — key upload (unchanged fields, primary button now reads Continue):
Step 2 — account-password confirmation (only shown when replacing an existing key):
Testing
- `make phpunit`
- `make vitest`
- `php bin/behat --tags='@upload-openpgp-file-replace-valid-key,@upload-openpgp-file-replace-valid-key-password'` (one scenario fails locally in this environment due to missing GPG binary)
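The server-side rule this pull request describes (password required only when an existing key is being replaced, read from the raw request payload) can be modelled as below. This is an added example, not code from the pull request or from the project, which implements the check in PHP. The field names `keyData` and `password`, the account shape, the scrypt-based hash and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed storage format for this example: scrypt hash plus per-account salt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// A missing or empty password field counts as a failed verification.
function verifyPassword(stored, candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) return false;
  const hash = crypto.scryptSync(candidate, stored.salt, 32);
  return crypto.timingSafeEqual(hash, stored.hash);
}

// Hypothetical upload handler. `payload` stands for the raw POST fields.
// The decision depends only on server state (does a key already exist?),
// never on whether the client showed the password modal.
function decideKeyUpload(account, payload) {
  if (!payload.keyData) return { status: 400, reason: 'missing-key' };
  const replacing = account.openPgpKey !== null;
  if (replacing && !verifyPassword(account.password, payload.password)) {
    // Step-up failed or was skipped: the existing key stays untouched.
    return { status: 403, reason: 'password-required' };
  }
  account.openPgpKey = payload.keyData;
  return { status: 200, reason: replacing ? 'replaced' : 'uploaded' };
}

// Constructed sample account and requests.
function demo() {
  const account = { password: hashPassword('correct horse'), openPgpKey: null };
  const results = [
    decideKeyUpload(account, { keyData: 'KEY-A' }),                    // first upload
    decideKeyUpload(account, { keyData: 'KEY-B' }),                    // replace, no password
    decideKeyUpload(account, { keyData: 'KEY-B', password: 'wrong' }), // replace, bad password
    decideKeyUpload(account, { keyData: 'KEY-B', password: 'correct horse' }),
  ];
  return { results, finalKey: account.openPgpKey };
}

console.log(demo());
```

The second request is the one to test for: a submit that reaches the server without going through the armed modal must be rejected and must leave the stored key unchanged.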