You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original PR Title: UX: One step wizard Original PR Description: Consolidates all three wizard screens into one. Cleans up some leftover, unused wizard elements (checkbox, image, canvas inputs).
Consolidates three-step wizard into single unified setup step
Removes unused wizard elements (canvas, sidebar, step counter, navigation buttons)
Simplifies frontend component logic and styling
Removes refresh_required mechanism and multi-step navigation
Cleans up serializers by removing unused attributes
Diagram Walkthrough
flowchart LR
A["Three-Step Wizard<br/>introduction → privacy → ready"] -->|Consolidate| B["Single Setup Step<br/>All fields in one step"]
B -->|Remove| C["Navigation Elements<br/>next/previous buttons"]
B -->|Remove| D["UI Elements<br/>canvas, sidebar, counter"]
B -->|Simplify| E["Direct Completion<br/>Jump In → Home"]
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Missing Audit Logs: The controller updates setup and privacy-related site settings but the new code adds no logging of these critical configuration changes or who performed them.
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Weak Error Context: The new jumpIn flow sets a local error flag on validation failure without surfacing actionable error details or recovery guidance, potentially reducing user feedback clarity.
Referred Code
@action
async jumpIn() {
const valid = await this.step.validate();
if (!valid) {
this.hasError = true;
return;
}
const response = await this.step.save();
if (response && response.success) {
// We are not using Ember routing here because we always want to reload the app
// ensure language, site title are properly set.
document.location = getUrl("/");
}
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Minimal Validation: The new ensure_changed check and settings updates rely on provided params without visible sanitization, which may be validated elsewhere but is not evident in the added code.
The server response on successful update is incorrect
The update action in StepsController incorrectly returns a JSON body with a 204 No Content status. This violates HTTP standards and causes the frontend logic, which expects a JSON response to confirm success, to fail.
constresponse=awaitthis.step.save();if(response&&response.success){// We are not using Ember routing here because we always want to reload the app// ensure language, site title are properly set.document.location=getUrl("/");}
Solution Walkthrough:
Before:
# app/controllers/steps_controller.rbclassStepsController<ApplicationControllerdefupdate
# ...
ifupdater.success?
result={success: "OK"}renderjson: result,status: :no_content # 204NoContentelse
# ...
endendend// frontend/discourse/app/static/wizard/components/wizard-step.gjsasyncjumpIn(){// ...constresponse=awaitthis.step.save();if(response&&response.success){// This check failsdocument.location=getUrl("/");// This redirect is never reached}}
After:
# app/controllers/steps_controller.rbclassStepsController<ApplicationControllerdefupdate
# ...
ifupdater.success?
result={success: "OK"}renderjson: result,status: :ok # 200OKelse
# ...
endendend// frontend/discourse/app/static/wizard/components/wizard-step.gjsasyncjumpIn(){// ...constresponse=awaitthis.step.save();if(response&&response.success){// This check now passesdocument.location=getUrl("/");// Redirect occurs as expected}}
Suggestion importance[1-10]: 9
__
Why: This is a critical bug that breaks the wizard's primary action, as the frontend redirect will fail due to an incorrect server response that violates HTTP specifications.
High
Possible issue
Fix broken client redirect logic
Change the success response status from 204 No Content to the default 200 OK to ensure the JSON body is sent, which is required by the client for redirection.
if updater.success?
result = { success: "OK" }
- render json: result, status: :no_content+ render json: result
else
Apply / Chat
Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies a functional bug introduced in the PR where the client-side redirect will fail because the server sends a 204 No Content response, while the client expects a JSON body.
High
Provide user feedback on save failure
In the jumpIn action, add an else block to handle failed save operations by setting this.hasError = true, providing visual feedback to the user on server-side validation failures.
async jumpIn() {
const valid = await this.step.validate();
if (!valid) {
this.hasError = true;
return;
}
const response = await this.step.save();
- if (response && response.success) {+ if (response?.success) {
// We are not using Ember routing here because we always want to reload the app
// ensure language, site title are properly set.
document.location = getUrl("/");
+ } else {+ this.hasError = true;
}
}
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies a bug where server-side validation errors are not handled, leaving the user without feedback. Adding an else block to set an error state is a critical improvement for user experience.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Benchmark PR discourse#36082
Type: Corrupted (contains bugs)
Original PR Title: UX: One step wizard
Original PR Description: Consolidates all three wizard screens into one. Cleans up some leftover, unused wizard elements (checkbox, image, canvas inputs).
Internal ticket: t/164852
Original PR URL: discourse#36082
PR Type
Enhancement
Description
Consolidates three-step wizard into single unified setup step
Removes unused wizard elements (canvas, sidebar, step counter, navigation buttons)
Simplifies frontend component logic and styling
Removes refresh_required mechanism and multi-step navigation
Cleans up serializers by removing unused attributes
Diagram Walkthrough
File Walkthrough
12 files
Consolidate three wizard steps into oneRemove next/previous navigation attributesRemove icon attribute from field classesRemove unused field serializer attributesRemove refresh_required mechanismRemove icon from choice serializerSimplify response handling and status codesRemove description_vars from step attributesUpdate wizard model for single setup stepRemove multi-step styling and simplify layoutSimplify step component to single-step flowSimplify step template wrapper component6 files
Update wizard tests for single-step flowRefactor updater specs for unified setup stepUpdate builder specs for single setup stepSimplify serializer tests for one stepUpdate controller tests for setup endpointRemove unused test helper imports2 files
Update wizard step localization stringsRemove unused wizard UI localization strings13 files