Add updates to client trust #435
📝 Walkthrough
Adds a client-trust sign-in flow: a new SignIn.Status value NEEDS_CLIENT_TRUST; AuthState now maps that status to a new AuthDestination.SignInClientTrust; AuthView adds the SignInClientTrust destination and entry. Introduces SignInClientTrustView composable which delegates to SignInFactorCodeView for PHONE_CODE/EMAIL_CODE and shows a client-trust warning. SignInFactorCodeView gains an isClientTrust parameter and renders the warning when true. Adds a new string resource for the new-device prompt. Changes visibility of VerificationState and SignUpCodeField to public. Updates detekt baseline and adds a ConfigurationManager private method; .gitignore updated.
Pre-merge checks
❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
b75ec4d to
29330bd
Compare
❌ Paparazzi found snapshot diffs.
Actionable comments posted: 1
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (7)
- config/detekt/detekt-baseline.xml (1 hunks)
- source/api/src/main/kotlin/com/clerk/api/signin/SignIn.kt (1 hunks)
- source/ui/src/main/java/com/clerk/ui/auth/AuthState.kt (1 hunks)
- source/ui/src/main/java/com/clerk/ui/auth/AuthView.kt (3 hunks)
- source/ui/src/main/java/com/clerk/ui/signin/clienttrust/SignInClientTrustView.kt (1 hunks)
- source/ui/src/main/java/com/clerk/ui/signin/code/SignInFactorCodeView.kt (5 hunks)
- source/ui/src/main/res/values/strings.xml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
- source/ui/src/main/res/values/strings.xml
- source/ui/src/main/java/com/clerk/ui/auth/AuthState.kt
- source/ui/src/main/java/com/clerk/ui/auth/AuthView.kt
- config/detekt/detekt-baseline.xml
🧰 Additional context used
📓 Path-based instructions (1)
**/*
⚙️ CodeRabbit configuration file
If there are no tests added or modified as part of the PR, please suggest that tests be added to cover the changes.
**/*: Only comment on issues that would block merging, ignore minor or stylistic concerns.
Restrict feedback to errors, security risks, or functionality-breaking problems.
Do not post comments on code style, formatting, or non-critical improvements.
Keep reviews short: flag only issues that make the PR unsafe to merge.
Group similar issues into a single comment instead of posting multiple notes.
Skip repetition: if a pattern repeats, mention it once at a summary level only.
Do not add general suggestions, focus strictly on merge-blocking concerns.
If there are no critical problems, respond with minimal approval (e.g., 'Looks good'). Do not add additional review.
Avoid line-by-line commentary unless it highlights a critical bug or security hole.
Highlight only issues that could cause runtime errors, data loss, or severe maintainability issues.
Ignore minor optimization opportunities, focus solely on correctness and safety.
Provide a top-level summary of critical blockers rather than detailed per-line notes.
Comment only when the issue must be resolved before merge, otherwise remain silent.
When in doubt, err on the side of fewer comments, brevity and blocking issues only.
Avoid posting any refactoring issues.
Files:
- source/api/src/main/kotlin/com/clerk/api/signin/SignIn.kt
- source/ui/src/main/java/com/clerk/ui/signin/code/SignInFactorCodeView.kt
- source/ui/src/main/java/com/clerk/ui/signin/clienttrust/SignInClientTrustView.kt
🧬 Code graph analysis (2)
source/ui/src/main/java/com/clerk/ui/signin/code/SignInFactorCodeView.kt (1)
- source/ui/src/main/java/com/clerk/ui/signin/clienttrust/SignInClientTrustView.kt (1): ClientTrustWarningMessage(66-75)
source/ui/src/main/java/com/clerk/ui/signin/clienttrust/SignInClientTrustView.kt (3)
- source/ui/src/main/java/com/clerk/ui/theme/ClerkComposeTheme.kt (1): ClerkThemeOverrideProvider(53-58)
- source/ui/src/main/java/com/clerk/ui/signin/code/SignInFactorCodeView.kt (1): SignInFactorCodeView(53-71)
- source/ui/src/main/java/com/clerk/ui/auth/AuthState.kt (1): PreviewAuthStateProvider(166-170)
🔇 Additional comments (2)
source/ui/src/main/java/com/clerk/ui/signin/code/SignInFactorCodeView.kt (1)
58-58: Add tests for the client trust verification flow. This PR introduces significant new functionality (new status, navigation destination, UI components) without accompanying tests. Please add unit or integration tests to cover the client trust verification path.
source/ui/src/main/java/com/clerk/ui/signin/clienttrust/SignInClientTrustView.kt (1)
55-55: No action needed. SignInGetHelpView is a support/help view for unsupported strategies, not an authentication path. It intentionally does not accept the onAuthComplete callback because it doesn't handle authentication completion; it only provides a way to contact support via email. The current implementation is correct. Likely an incorrect or invalid review comment.
| /** Client trust verification is required. */ | ||
| @SerialName("needs_client_trust") NEEDS_CLIENT_TRUST, |
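Review bot: the KDoc on NEEDS_CLIENT_TRUST ("Client trust verification is required.") restates the constant's name without saying when the status is returned or what the caller must do next. The PR description states both: the status applies when a user signs in from a new or untrusted device, and the flow continues with a code verification. Suggest putting that in the comment so that anyone handling SignIn.Status knows the sign-in is not finished in this state.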
🛠️ Refactor suggestion | 🟠 Major
Add tests for the new NEEDS_CLIENT_TRUST status.
The enum addition looks correct, but no tests were included in this review. Please add tests to verify:
- Serialization/deserialization of the new status value
- Handling of this status in the sign-in flow
🤖 Prompt for AI Agents
In source/api/src/main/kotlin/com/clerk/api/signin/SignIn.kt around lines 191 to
192, the new enum value NEEDS_CLIENT_TRUST was added but there are no tests
covering it; add unit tests that (1) verify JSON serialization and
deserialization of the NEEDS_CLIENT_TRUST enum value (round-trip encode->decode
produces the same enum and the serialized string equals "needs_client_trust"),
and (2) exercise the sign-in flow behavior when a response/state returns
NEEDS_CLIENT_TRUST (mock the sign-in service or controller to return this status
and assert the downstream handling, e.g. that the controller maps it to the
expected HTTP response/redirect or that the state machine transitions
appropriately). Place serialization tests alongside existing SignIn
enum/serialization tests (e.g. in test/kotlin/com/clerk/api/signin/) and place
sign-in flow tests with the sign-in controller/service tests, using existing
test fixtures/mocks and assertions to mirror other status tests.
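The two checks requested in the review comment above, as an added example that is not code from this PR or from the Clerk SDK: the wire name round-trips, and the status routes to the client-trust screen. It also covers a case beyond the comment, where a build that predates a status must not treat it as signed in. Assumptions: kotlinx.serialization is on the classpath; `Status`, `SignInPayload`, `Destination`, the `UNKNOWN` fallback and every entry other than `NEEDS_CLIENT_TRUST` are hypothetical stand-ins.

```kotlin
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import kotlinx.serialization.json.Json

// Constructed stand-in for SignIn.Status. Only NEEDS_CLIENT_TRUST and its wire
// name come from the PR; the other entries are assumptions for the example.
@Serializable
enum class Status {
    @SerialName("complete") COMPLETE,
    @SerialName("needs_first_factor") NEEDS_FIRST_FACTOR,
    @SerialName("needs_client_trust") NEEDS_CLIENT_TRUST,
    @SerialName("unknown") UNKNOWN, // hypothetical fallback for values this build predates
}

@Serializable
data class SignInPayload(val status: Status = Status.UNKNOWN)

// Hypothetical destinations; SIGN_IN_CLIENT_TRUST mirrors AuthDestination.SignInClientTrust.
enum class Destination { SIGNED_IN, SIGN_IN_FIRST_FACTOR, SIGN_IN_CLIENT_TRUST, GET_HELP }

// coerceInputValues maps an unrecognised enum string to the property default.
val json = Json { ignoreUnknownKeys = true; coerceInputValues = true }

fun decodeStatus(body: String): Status =
    json.decodeFromString(SignInPayload.serializer(), body).status

// Exhaustive `when` with no `else`: adding a status without routing it fails to compile.
fun route(status: Status): Destination = when (status) {
    Status.COMPLETE -> Destination.SIGNED_IN
    Status.NEEDS_FIRST_FACTOR -> Destination.SIGN_IN_FIRST_FACTOR
    Status.NEEDS_CLIENT_TRUST -> Destination.SIGN_IN_CLIENT_TRUST
    Status.UNKNOWN -> Destination.GET_HELP // never treated as signed in
}

fun main() {
    // The wire name round-trips exactly.
    val wire = json.encodeToString(Status.serializer(), Status.NEEDS_CLIENT_TRUST)
    check(wire == "\"needs_client_trust\"")
    check(json.decodeFromString(Status.serializer(), wire) == Status.NEEDS_CLIENT_TRUST)

    // Constructed response bodies, not captured traffic.
    val trustBody = """{"status":"needs_client_trust","id":"constructed"}"""
    check(route(decodeStatus(trustBody)) == Destination.SIGN_IN_CLIENT_TRUST)
    check(route(decodeStatus("""{"status":"some_future_status"}""")) == Destination.GET_HELP)
    println("ok")
}
```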
…ation and sign-up code fields
* Add updates to client trust
* refactor: change internal interfaces to public visibility for verification and sign-up code fields
Summary of changes
This pull request adds support for client trust verification during sign-in, which is required when a user signs in from a new or untrusted device. It introduces a new UI flow for client trust, updates navigation and state handling, and enhances the code verification screen with contextual warnings.
Client Trust Verification Feature:
- NEEDS_CLIENT_TRUST to the SignIn.Status enum to represent the requirement for client trust verification.
- AuthState, AuthDestination, and AuthView) to handle the new client trust status and route users to the appropriate UI.
User Interface Enhancements:
- SignInClientTrustView composable, which displays a warning message and code input for client trust verification, delegating to the appropriate code or help views based on the verification strategy.
- SignInFactorCodeView to accept an isClientTrust flag and display a contextual warning message when client trust verification is required.
Localization:
Code Quality and Baseline Updates:
Summary by CodeRabbit
New Features
UI