Skip to content

Hide recovery key when prompting for verification #30471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
andybalaam merged 2 commits into from
Aug 5, 2025
Merged

Hide recovery key when prompting for verification #30471

andybalaam merged 2 commits into from
Aug 5, 2025

Conversation

@andybalaam
Copy link
Member

@andybalaam andybalaam commented Aug 4, 2025

Improve one of the cases for Web described in element-hq/element-meta#2888

When prompting the user for a recovery key in order to verify (either on login or later), hide the key by default and allow the user to show it:

image image image

We do this by using the Compound PasswordInput component.

The designs for this are here: https://www.figma.com/design/ZodBLtGnKmRTGJo5SGLnH3/ER-137--Excluding-Insecure-Devices?node-id=102-43729&t=QmewENUd7f6Tmw9U-1

This PR does not bring us fully into line with the designs, but I think it is a step forward:

  • Improvement: hides the recovery key and allows showing it
  • Improvement: when the localazy PR is merged, shows the correct title "Enter your recovery key" instead of just "Recovery key"
  • Worse: restricts text entry to a single line
  • Still wrong: does not show the text "Recovery key" above the entry box
  • Still wrong: does not make the box text red when the recovery key is invalid

I think fixing the remaining problems would require creating a new Compound component, which is probably out of my scope for this task.

(With thanks to @meramsey for working on this under #30393 , which this PR supersedes.)

@andybalaam andybalaam added the T-Task Tasks for the team like planning label Aug 4, 2025
@andybalaam andybalaam mentioned this pull request Aug 4, 2025
Closed
4 tasks
@andybalaam
Copy link
Member Author

andybalaam commented Aug 4, 2025

Related: #30174

@andybalaam andybalaam force-pushed the andybalaam/hide-recovery-key branch from d1814e0 to 57238ee Compare August 4, 2025 09:37
@andybalaam andybalaam force-pushed the andybalaam/hide-recovery-key branch 2 times, most recently from 089d7c5 to c4f4705 Compare August 4, 2025 12:38
@andybalaam andybalaam force-pushed the andybalaam/hide-recovery-key branch 2 times, most recently from 5cf85eb to ceaae38 Compare August 4, 2025 15:51
@andybalaam andybalaam marked this pull request as ready for review August 4, 2025 16:03
@andybalaam andybalaam requested review from a team as code owners August 4, 2025 16:03
@andybalaam andybalaam requested review from dbkr, t3chguy and uhoreg August 4, 2025 16:03
t3chguy
t3chguy reviewed Aug 4, 2025
View reviewed changes
t3chguy
t3chguy reviewed Aug 4, 2025
View reviewed changes
uhoreg
uhoreg approved these changes Aug 4, 2025
View reviewed changes
Copy link
Member

@uhoreg uhoreg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks OK code-wise from a crypto standpoint. In the screenshots, it looks like the border around the input is missing sometimes, but I assume that's either a bad screenshot, or my computer is displaying it weirdly. (The screenshots look a bit blurry in general.)

@andybalaam
Copy link
Member Author

andybalaam commented Aug 5, 2025

In the screenshots, it looks like the border around the input is missing sometimes

Thanks, fixed in c6400ca

@andybalaam andybalaam force-pushed the andybalaam/hide-recovery-key branch from c6400ca to 0e192d9 Compare August 5, 2025 13:31
@andybalaam andybalaam enabled auto-merge August 5, 2025 13:31
@andybalaam andybalaam added this pull request to the merge queue Aug 5, 2025
Merged via the queue into develop with commit c1a163c Aug 5, 2025
35 checks passed
@andybalaam andybalaam deleted the andybalaam/hide-recovery-key branch August 5, 2025 15:18
@richvdh richvdh mentioned this pull request Aug 13, 2025
Merged
Dileep9999 pushed a commit to hemanth-nag/element-web that referenced this pull request Oct 8, 2025
@andybalaam
Hide recovery key when prompting for verification (element-hq#30471)
70d8565 
* Separate security_key_title from security_key_label since they differ in designs

See https://www.figma.com/design/ZodBLtGnKmRTGJo5SGLnH3/ER-137--Excluding-Insecure-Devices?node-id=92-8818&t=02JILBe2n7sx7ljU-1

In parallel with this, I have updated security_key_title in localazy.

* Hide recovery key on entry screen after login
@richvdh richvdh mentioned this pull request Oct 22, 2025
Open
snowping pushed a commit to Novaloop-AG/element-web that referenced this pull request Dec 30, 2025
@andybalaam @snowping
Hide recovery key when prompting for verification (element-hq#30471)
f39fd93 
* Separate security_key_title from security_key_label since they differ in designs

See https://www.figma.com/design/ZodBLtGnKmRTGJo5SGLnH3/ER-137--Excluding-Insecure-Devices?node-id=92-8818&t=02JILBe2n7sx7ljU-1

In parallel with this, I have updated security_key_title in localazy.

* Hide recovery key on entry screen after login
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t3chguy t3chguy t3chguy left review comments

@dbkr dbkr dbkr approved these changes

@uhoreg uhoreg uhoreg approved these changes

Assignees

No one assigned

Labels

T-Task Tasks for the team like planning

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@andybalaam @dbkr @uhoreg @t3chguy