Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(mobile): allow users to change contact details #1994

Merged
merged 3 commits into from
Feb 9, 2024
Merged

feat(mobile): allow users to change contact details #1994

merged 3 commits into from
Feb 9, 2024

Conversation

bonomat
Copy link
Contributor

@bonomat bonomat commented Feb 9, 2024
edited
Loading

resolves #1727

Simulator.Screen.Recording.-.iPhone.15.-.2024-02-09.at.08.54.01.mp4

@bonomat bonomat requested review from holzeis and luckysori February 9, 2024 07:56
@bonomat bonomat force-pushed the feat/change-username branch from 6c730b0 to e2afc08 Compare February 9, 2024 10:51
luckysori
luckysori approved these changes Feb 9, 2024
View reviewed changes
Copy link
Contributor

@luckysori luckysori left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally LGTM!

I think eventually we will want a bit more control over all the IDs the user might want to provide, but I like a simple approach for now.

coordinator/src/routes.rs Outdated
@@ -160,7 +161,11 @@ pub fn router(
.route("/api/orderbook/websocket", get(websocket_handler))
.route("/api/trade", post(post_trade))
.route("/api/rollover/:dlc_channel_id", post(rollover))
// Deprecated: we just keep it for backwards compatbility as otherwise old apps won't get
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Deprecated: we just keep it for backwards compatbility as otherwise old apps won't get
// Deprecated: we just keep it for backwards compatbility as otherwise old apps won't

mobile/lib/features/welcome/welcome_screen.dart Outdated
Comment on lines 147 to 149
if (!isEmailValid(value)) {
return 'Please enter a valid email address';
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we at least validate that it is not longer than a certain number of characters? I'm not too keen on letting users insert arbitrary stuff in the database.

mobile/native/src/trade/users/mod.rs
let client = reqwest_client();
let response = client
.get(format!(
"http://{}/api/users/{}",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if we could cache this rather than sending a HTTP request every time the user opens the user settings.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I postpone this to once it is an issue :)

@bonomat
chore: remove unnecessary log message
6bdd52d 
This removes these messages (even though they are only on trace).

`Received event: Event.serviceHealthUpdate(field0: Instance of 'ServiceUpdate')`

Imho they don't add much value.
@bonomat
chore: remove unnecessary log message
da0c291 
This is just spam in the logs.
@bonomat
feat: allow user to change their contact details
1db3ebb 
Also, users can register with Nostr, email or telegram. Note there is no input validation so the user can put anything :)
@bonomat bonomat force-pushed the feat/change-username branch from e2afc08 to 1db3ebb Compare February 9, 2024 13:41
@bonomat bonomat enabled auto-merge February 9, 2024 13:42
holzeis
holzeis reviewed Feb 9, 2024
View reviewed changes
coordinator/src/routes.rs
.route("/api/register", post(post_register))
.route("/api/users", post(post_register))
.route("/api/users/:trader_pubkey", get(get_user))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 That api is concerning for me. If somebody learns about a users node id they can use this api to query user data.

I propose we either validate a users signature on that api or rather put that information into the authenticated message received by the app after a successful login. (there we already verify the users signature)

holzeis
holzeis reviewed Feb 9, 2024
View reviewed changes
coordinator/src/routes.rs
.route("/api/register", post(post_register))
.route("/api/users", post(post_register))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, anybody could use this api to update the contact details of a user.

@bonomat bonomat added this pull request to the merge queue Feb 9, 2024
Merged via the queue into main with commit 4866c80 Feb 9, 2024
9 checks passed
@bonomat bonomat deleted the feat/change-username branch February 9, 2024 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@holzeis holzeis holzeis left review comments

@luckysori luckysori luckysori approved these changes

Assignees

@bonomat bonomat

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add feature to add/update/detele an email
3 participants
@bonomat @holzeis @luckysori