- Issue created by @MrDaleSmith
- ๐ฎ๐ณIndia prashant.c Dharamshala
Prashant.c โ made their first commit to this issueโs fork.
- ๐ฎ๐ณIndia prashant.c Dharamshala
I agree with this, this message is kind of irrelevant here because we already have in bolds
Are you sure you want to log out?
and this is not something that cannot be undone, the user can always log in again.I would say a better thing would be to just not have this description at all.
- ๐ฎ๐ณIndia prashant.c Dharamshala
Prashant.c โ changed the visibility of the branch 3469116-new-user-logout to hidden.
- Status changed to Needs review
2 months ago 9:33am 20 August 2024 - ๐ฎ๐ณIndia prashant.c Dharamshala
In the original issue ๐ User logout is vulnerable to CSRF Fixed also the description is not shown https://www.drupal.org/files/issues/2024-03-26/Screenshot%202024-03-26%2... โ .
- ๐ฎ๐ณIndia prashant.c Dharamshala
Tests are failing because the
getDescription() {}
method is expecting a translatable string, which in case we have to provide. Looking for input here. - Status changed to Needs work
2 months ago 12:42pm 21 August 2024 - ๐บ๐ธUnited States smustgrave
This will need a title update as just the word "misleading" is vague and not sure what the problem is.
Probably should have test coverage as well.
- ๐ฎ๐ณIndia prashant.c Dharamshala
Before adding tests we need to decide on what would be the "description" for this as requested in #8 ๐ New User Logout confirm Form is misleading Needs work
- ๐ฎ๐ณIndia Sahana _N
sahana _n โ made their first commit to this issueโs fork.
- Status changed to Needs review
2 months ago 10:48am 22 August 2024 - ๐ฎ๐ณIndia Sahana _N
Hi Prashant.c
I created an MR Please review it.
If there are any inaccuracies, I would greatly appreciate your suggestions for improvement.Thank you!!
- ๐ฎ๐ณIndia prashant.c Dharamshala
@sahana _n
Thanks for your efforts but in the existing MR we are already using the
getDescription() {}
new MR was not required. Please see #8 ๐ New User Logout confirm Form is misleading Needs work - Status changed to Needs work
2 months ago 11:32am 22 August 2024 - ๐ฎ๐ณIndia prashant.c Dharamshala
prashant.c โ changed the visibility of the branch 3469116-Logout-confirmation-form-shows-inappropriate-confirmation-description to hidden.
- ๐ฎ๐ณIndia prashant.c Dharamshala
@smustgrave The Title of the issue has already been updated removing the tag. Please re-add if you still see some issues with the current title.
- ๐ฎ๐ณIndia prashant.c Dharamshala
TBD. Suggesting a couple of descriptions we can use:
- Logging out will end your current session, and you will need to log in again to continue.
- Once you log out, youโll need to sign in again to access your account.
- Status changed to Needs review
2 months ago 6:38am 28 August 2024 - ๐ฎ๐ณIndia Sahana _N
Hi,
Even I liked the second option and I updated the MR Please review.
I verified that in Drupal version 11.x.I would greatly appreciate your suggestions for improvement. Please let me know.
Thank you!!
- ๐ฆ๐บAustralia pameeela
Just wanted to confirm this one because as noted above, this text wasn't there when the change was committed. Added a screenshot to the IS.
I also agree that it's better without a description, I think at this point logging out is pretty self explanatory!
- ๐ฎ๐ณIndia prashant.c Dharamshala
@pameeela wrong screenshot attached :). Without description is good but see #8 ๐ New User Logout confirm Form is misleading Needs work , we have to provide the description.
- ๐ฆ๐บAustralia pameeela
Oops! Fixed.
I realise that the tests failed without a description, but that doesn't mean it's not possible :)
I guess it is better to update it to something more accurate for now than to have it be confusing.
- ๐ฎ๐ณIndia prashant.c Dharamshala
Yes, and this is added in #19 ๐ New User Logout confirm Form is misleading Needs work
- ๐ฆ๐บAustralia pameeela
Yes, I know that :)
I have made a minor change to the wording for review.
- ๐ฎ๐ณIndia prashant.c Dharamshala
Looks good to me. In my opinion, we can move it to RTBC.
- Status changed to Needs work
2 months ago 5:43am 29 August 2024 - Status changed to Needs review
about 2 months ago 10:17am 2 September 2024 - ๐ฎ๐ณIndia prashant.c Dharamshala
Added the check to test the existence of the description and that should be sufficient I guess.
- ๐ฎ๐ณIndia dishakatariya
Hi, I have verified this issue in our D11 version with the latest MR- 3469116-11.x-new-user-logout and it applies cleanly. This isssue is resolved now.
Testing steps:
As a logged in user, directly visit user/logout on a site (to trigger the CSRF protection and use the confirm form). The misleading text will be visible above the confirm/cancel buttons.Test Results:
Logout confirmation form shows the appropriate confirmation description now.Adding before and after screenshots.
Still putting this issue in needs review for the further code reviews.
Thanks!
- Status changed to Needs work
about 2 months ago 6:41am 3 September 2024 - ๐ฆ๐บAustralia pameeela
Hi @dishakatariya we already have screenshots for this so we don't need any new ones.
- Status changed to Needs review
about 2 months ago 7:33am 3 September 2024 - ๐ฎ๐ณIndia prashant.c Dharamshala
Thanks, @pameeela for the rebase, pipelines passed, moving to NR.
The Needs Review Queue Bot โ tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide โ to find step-by-step guides for working with issues.
- ๐ฎ๐ณIndia sagarmohite0031
Hello,
I have verified this issue on D11 version.
MR applies cleanly.Testing steps:
As a logged in user, directly visit user/logout on a site (to trigger the CSRF protection and use the confirm form).
The misleading text will be visible above the confirm/cancel buttons.Test Results:
Logout confirmation form shows the appropriate confirmation description now.Refer screenshots-
- ๐จ๐ฆCanada b_sharpe
Everything looks good, I'm sure the messaging will always be of debate, but this could always turn to a config option at a later date.