Finalize login page migration

[jolelievre]

Questions	Answers
Branch?	develop
Description?	Finalize login page migration
Type?	new feature
Category?	BO
BC breaks?	yes
Deprecations?	no
How to test?	CI green UI tests green Functional test: the login page in BO, the reset password feature, any campaign/scenario related to login page
UI Tests	https://github.com/jolelievre/ga.tests.ui.pr/actions/runs/9676037962 https://github.com/florine2623/testing_pr/actions/runs/9663231021 ✅
Fixed issue or discussion?	Fixes #36347
Related PRs	~
Sponsor company	~

[kpodemski]

@jolelievre do you plan to reintroduce those hooks? one way or another, I'm pretty sure they've been useful for some 2FA modules

[kpodemski]

@jolelievre unless there are certain events triggered on the SF side of things that could be a replacement

[jolelievre]

No these hooks were triggered by the legacy controller, the legacy controller is no more and it wouldn't make sense to maintain them because we can't dispatch the same parameters (which was the legacy controller)

Usually we actually never maintain/remove the hooks removed along with legacy pages, but this time I thought it as worth the extra effort This way I also noted which hooks were actually removed and I'm adding them in the dev doc

My plan is to explain which hook were removed, which ones were maintained (two actually), and what alternative hooks can be used no even if they are different, I'll ping you on the PR for the doc

If we realize some hooks are missing we can also think of what new hooks could/should be introduced

[jolelievre]

There is one hook that was kept strictly for legacy retro compatibility here:

PrestaShop/src/PrestaShopBundle/Twig/Component/Login/LoginHeadTag.php

Lines 38 to 43 in 29bf247

	$this->hookDispatcher->dispatchWithParameters(
	'actionAdminLoginControllerSetMedia',
	[
	'controller' => $this->legacyControllerContext,
	]
	);

It does provide a legacy controller, or actually a "fake" legacy controller we implemented as a bridge to still allow some legacy modifications like $legacyController->addJs

Maintaining this hook to allow adding assets was relevant, but all the other hooks would be overkill IMHO It gives the wrong impression that nothing changed and it forces us to maintain retro compatibility in too many places

[Progi1984]

Ok for tests/UI directory

[florine2623]

Hello @jolelievre ,

Tested and compared to old login page.

QA OK ✅

• Standard employee email/password login
• Correct employee email/wrong password
• Non-existing email/any password
• Logout from BO
• Links to prestashop-project.org and social medias
• Make sure the work done by @M0rgan01 for backoffice cron calls work correctly with the migrated Login system (search cron regeneration)
• Responsive
• Correct email is sent for Forget my password feature

QA NOK ❌ or needs improvement ⚠️

BUG 1

Changing the name of shop (Contact > Stores) doesn't change the title of the login page

BUG 2

Clickable link "back to FO" is too long. I can click anywhere on the header and it will go back to my FO.

BUG 3

Non-valid email is not detected. I should have a warning message and I should not be able to click on Log In until my email address has a valid format.

It should be like :

It is like so :

BUG 4

When a reset link is sent, the message is different between Old and New Login page.
Old Login Page :

New Login page :

BUG 5

Employees with different roles and permissions cannot access the BO. I created a translator, when I log in with correct email/password, I have an exception. I kept the Default page as Dashboard (not accessible by this employee).

BUG 6

When my login page has been open long enough and refreshed, I have a CSRF alert. Even after refreshing the page the alert is displayed, I have to manually close the alert.

BUG 7

Alert message in Log In page is still displayed after I go to Forget my password page. I should not have to manually close it if I move to another page.

Screen.Recording.2024-06-13.at.14.43.55.mov

BUG 8

maybe not bug but feature, but I couldn't find any info on that topic)
I can't receive multiple "Forget my password" emails. I have to wait 24 hours. This cannot be configured. In Old Login Page I could send as many as I wanted.

BUG 9

In Multistore context, I created a second-store, granted access to only 1 employee Translator. Tried to log in via my translator employee account ❌ tried to access m store via my default SuperAdmin employee ❌
BO and login page can't be accessed anymore.

Waiting for your feedback ^^
Thanks!

[jolelievre]

Thanks @florine2623

here are the bugs I fixed with the recent changes:

Bug 1 The form title now uses the global configuration (previously it used the Shop->name which stores the shop name in another place)
Bug 2 Fixed
Bug 3 The new login page now handles the email validation, the UX is not 100% the same because we use a different BO theme and a different version of bootstrap, but it should be iso-functional besides that.
Bug 4 The wording was updated to match the previous one (I had copied some other wording for Ajax return, not adapted in this context indeed)
Bug 5 Actually, the bug was in the employee edition form, when the profile is changed the available options for the home page is supposed to be updated to only propose available values, this feature was broken on develop and is now fixed. If the homepage is edited in some other manual ways (direct DB edit for example) then the access denied is still relevant. However it is handled differently now, we no longer automatically redirect to homepage we display an error page (in prod mode you get a page with the menu so you can navigate to another page).
Bug 7 Fixed, all the alert messages are removed when we click of I forgot my password
Bug 8 Yes my bad I misunderstood the initial feature, the password reset is only blocked temporarily AFTER you actually reset your password, and the delay is configurable in Advanced Parameters > Team > Password regeneration
Bug 9 Fixed

This is the only don't that wasn't fixed, but it matches the usual behaviour of Symfony
Bug 6 This is the native behaviour of the CQRS feature in Symfony, I don't think we should change it, the errors can be closed and on the second try, they should disappear.

[florine2623]

Hello @jolelievre ,

BUG 5 ✅

Works like a charm !
The employee has only access to the pages that are accessible by his role !

Screen.Recording.2024-06-26.at.12.08.16.mov

BUG 10 ✅

Fixed, same design in login and password page.

Thanks !

It is QA ✅ 💪

[ps-jarvis]

QA approved, well done! Message to the maintainers: do not forget to milestone it before the merge.

[kpodemski]

we need one approval @Progi1984 @nesrineabdmouleh

[Progi1984]

Ok for UI Tests (tests/UI/tools/urls.ts).

Not in my scope for remaining files.

[kpodemski]

thanks @jolelievre 🎉