Fix anon to auth user data sync #22
Conversation
- Removed link-email.dart and verify-link-email.dart routes - These endpoints were no longer in use and have been deprecated
… conversion - Update auth middleware to include authenticated user retrieval - Modify completeEmailSignIn function to accept and process authenticated user - Enable conversion of anonymous accounts to permanent ones during sign-in - Improve code comments for clarity and maintainability
…ent user conversion - Add support for converting guest users to permanent accounts during email sign-in - Implement stricter dashboard login checks - Refactor completeEmailSignIn method to handle multiple scenarios - Extract guest to permanent conversion logic into a separate method - Remove unused link email processes to reduce complexity
…code storage - Remove _LinkCodeEntry class - Remove link code related methods from VerificationCodeStorageService - Remove linkCodesStore from InMemoryVerificationCodeStorageService - Remove related cleanup and disposal logic for link codes
- Removed the section that cleared pending verification codes for linking - Retained the logic for clearing pending sign-in codes for the user's email - Updated the step numbering accordingly
- Clarify the authentication process, emphasizing passwordless email sign-in and anonymous guest accounts. - Explain the guest-to-user conversion process and its benefits. - Improve readability by splitting the 'Flexible & Secure Authentication' point into multiple sentences.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @fulleni, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request significantly refactors the authentication system to improve and centralize the process of converting anonymous guest users into permanent authenticated users. By consolidating the conversion logic into the existing email sign-in flow and removing a separate, explicit email linking mechanism, the changes simplify the codebase, enhance security, and provide a more seamless user experience.
Highlights
- Consolidated User Conversion Flow: The process for converting an anonymous (guest) user to a permanent authenticated user has been streamlined and integrated directly into the
completeEmailSignInmethod. This replaces a separate, dedicated email linking process. - Removal of Dedicated Email Linking Endpoints: The API endpoints (
/api/v1/auth/link-emailand/api/v1/auth/verify-link-email) and their associated service methods have been removed, simplifying the authentication architecture. - Refactored Authentication Service: The
AuthServicenow includes a new private helper method,_convertGuestUserToPermanent, to encapsulate the logic for upgrading guest accounts, ensuring data preservation and proper role assignment. - Documentation Update: The
README.mdhas been updated to reflect the new, intelligent handling of guest-to-permanent user conversion, emphasizing data preservation.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request refactors the authentication flow to consolidate anonymous user conversion into the standard sign-in process. The changes improve code maintainability and reduce complexity. I've provided feedback on token invalidation and parameter handling.
| @@ -71,12 +70,14 @@ Future<Response> onRequest(RequestContext context) async { | |||
| final isDashboardLogin = (body['isDashboardLogin'] as bool?) ?? false; | |||
There was a problem hiding this comment.
The isDashboardLogin parameter defaults to false if not provided. Consider explicitly requiring this parameter to ensure the caller is always aware of the context.
required final bool isDashboardLogin = (body['isDashboardLogin'] as bool?) ?? false;
| /// {@template verification_code_storage_service} | ||
| /// Defines the interface for a service that manages verification codes | ||
| /// for different authentication flows (sign-in and account linking). |
There was a problem hiding this comment.
The comment mentions account linking, but the code for it has been removed. Consider updating the comment to reflect the current functionality.
/// Defines the interface for a service that manages verification codes
/// for different authentication flows (sign-in).
Status
READY/IN DEVELOPMENT/HOLD
Description
Type of Change