feat: Client Trust #304
feat: Client Trust #304
Conversation
WalkthroughIntroduces client trust verification flow by adding a new sign-in status case, creating dedicated UI routing logic, and refactoring the factor code view to support three distinct modes (first factor, second factor, client trust) instead of a boolean flag. Changes
Estimated code review effortπ― 3 (Moderate) | β±οΈ ~25 minutes
Poem
Pre-merge checks and finishing touchesβ Failed checks (1 warning)
β Passed checks (2 passed)
β¨ Finishing touches
π§ͺ Generate unit tests (beta)
Comment |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Simulator.Screen.Recording.-.iPhone.Air.+.Watch.-.2025-12-18.at.11.30.37.mov |
|
@mikepitre Feel free to merge as you see fit. |
There was a problem hiding this comment.
Actionable comments posted: 0
π§Ή Nitpick comments (2)
Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorCodeView.swift (2)
145-151: Client trust notification correctly implemented.The warning message is properly localized and styled with
theme.colors.warning. The implementation is functional and clear.Optional: Extract message to computed property
For better maintainability and DRY, consider extracting the message to a computed property:
+ var clientTrustNotice: LocalizedStringKey { + "You're signing in from a new device. We're asking for verification to keep your account secure." + } + var body: some View { ... if mode == .clientTrust { - Text("You're signing in from a new device. We're asking for verification to keep your account secure.", bundle: .module) + Text(clientTrustNotice, bundle: .module) .foregroundStyle(theme.colors.warning)
429-463: Well-implemented preview scenarios for client trust.The new preview sections correctly demonstrate the client trust flow:
- Properly instantiate with
mode: .clientTrust- Mock the appropriate second factor APIs (
prepareSecondFactor,attemptSecondFactor)- Provide visual validation for both email and phone code scenarios
The static analysis flags force tries (
try!) in the preview code. While acceptable in preview/test contexts, you could optionally replace them withtry?for consistency:- try! await Task.sleep(for: .seconds(1)) + try? await Task.sleep(for: .seconds(1))
π Review details
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
π Files selected for processing (3)
Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInClientTrustView.swift(1 hunks)Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorCodeView.swift(7 hunks)Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorTwoView.swift(1 hunks)
π§ Files skipped from review as they are similar to previous changes (1)
- Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInClientTrustView.swift
π§° Additional context used
𧬠Code graph analysis (1)
Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorCodeView.swift (1)
Sources/Clerk/Models/SignIn/SignIn.swift (3)
attemptSecondFactor(235-238)attemptFirstFactor(199-202)prepareSecondFactor(216-219)
πͺ SwiftLint (0.57.0)
Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorCodeView.swift
[Error] 433-433: Force tries should be avoided
(force_try)
[Error] 437-437: Force tries should be avoided
(force_try)
[Error] 451-451: Force tries should be avoided
(force_try)
[Error] 455-455: Force tries should be avoided
(force_try)
β° Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: Build on all platforms (macCatalyst)
- GitHub Check: Build on all platforms (macOS)
- GitHub Check: Build on all platforms (iOS)
- GitHub Check: Build on all platforms (visionOS)
- GitHub Check: Build on all platforms (tvOS)
- GitHub Check: semgrep-cloud-platform/scan
π Additional comments (3)
Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorTwoView.swift (1)
21-21: LGTM! Clean refactoring from boolean to enum.The change from
isSecondFactor: truetomode: .secondFactorimproves code clarity and aligns with the newFactorModeenum pattern introduced inSignInFactorCodeView.Sources/Clerk/ClerkUI/Components/Auth/SignIn/SignInFactorCodeView.swift (2)
27-46: LGTM! Excellent refactoring from boolean to enum.The
FactorModeenum is well-designed:
- Three semantic cases clearly express intent
usesSecondFactorAPIappropriately groupssecondFactorandclientTrustsince both use the same API endpoints- Default value of
.firstFactormaintains backward compatibilityThis improves code maintainability and makes future extensions easier.
223-235: Consistent and correct API selection logic.The use of
mode.usesSecondFactorAPIis applied consistently across:
- Navigation to "Use another method" (line 223)
- Prepare flows for email/phone codes (lines 301, 311)
- Attempt flows for email/phone codes (lines 355, 361)
The logic correctly branches between
prepareFirstFactor/attemptFirstFactorandprepareSecondFactor/attemptSecondFactorbased on the mode, ensuring client trust uses the second factor APIs as intended.Also applies to: 301-319, 355-365
This PR enables handling of the new
needs_client_trustsign-in status.Additionally, it adds:
NoticeText: Similar to ErrorText, with differing formatting.ClerkClientWarningmodel: Similar toClerkClientErrorbut does not rely on theError/LocalizedErrorfoundations.Summary by CodeRabbit
βοΈ Tip: You can customize this high-level summary in your review settings.