Page MenuHomePhabricator

Add "Auth Messages" to support customizing onboarding/welcome flows

Authored by epriestley on Jan 17 2019, 7:43 PM.



Ref T13222. Long ago, we had a Config option (welcome.html) to let you dump HTML onto the login screen, but this was relatively hard to use and not good from a security perspective.

In some cases this was obsoleted by Dashboards, but there's at least some remaining set of use cases for actual login instructions on the login screen. For example, WMF has some guidance on which SSO mechanism to use based on what types of account you have. On secure, users assume they can register by clicking "Log In With GitHub" or whatever, and it might reduce frustration to tell them upfront that registration is closed.

Some other types of auth messaging could also either use customization or defaults (e.g., the invite/welcome/approve mail).

We could do this with a bunch of Config options, but I'd generally like to move to a world where there's less stuff in Config and more configuration is contextual. I think it tends to be easier to use, and we get a lot of fringe benefits (granular permissions, API, normal transaction logs, more abililty to customize workflows and provide contextual help/hints, etc). Here, for example, we can provide a remarkup preview, which would be trickier with Config.

This does not actually do anything yet.

Test Plan

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Jan 17 2019, 7:43 PM
Owners added a subscriber: Restricted Owners Package.Jan 17 2019, 7:43 PM
epriestley requested review of this revision.Jan 17 2019, 7:45 PM
amckinley accepted this revision.Jan 19 2019, 12:48 AM
amckinley added inline comments.

Should this replace the one-off custom messages from D19991?

This revision is now accepted and ready to land.Jan 19 2019, 12:48 AM

My thinking here is that both types are useful -- you can have a generic "here's how to get set up", and then override it with alternate instructions if it's a special case.

Or if you have three different weird ways that external users interact with invites, you can put the three different weird variations on a wiki somewhere and copy/paste them in appropriately. It sounds like the use case in PHI1027 might possibly benefit from that kind of flexibility.

This revision was automatically updated to reflect the committed changes.