Pull request overview
This PR introduces a global(ish) frontend API/state for the 2FA modal by centralizing modal state and callbacks into a Pinia store, and refactoring the modal component to consume that store.
Changes:
- Added a new Pinia store (`use2faApi`) to hold 2FA modal state, callbacks, and API checks.
- Refactored `TwoFAModal.vue` to render and operate based on the store (`twofaApi.*`) instead of local refs.
- Wired OTP-input event listener registration through the store.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| custom/use2faApi.ts | New Pinia store that centralizes modal open state, title, callbacks, and passkey/skip checks. |
| custom/TwoFAModal.vue | Uses the new store for modal rendering and callback plumbing; registers OTP listener via the store. |
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| rejectFn, | ||
| setModalMode, | ||
| doesUserHavePasskeys, | ||
| modalMode, |
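Review bot: `rejectFn`, `setModalMode` and `modalMode` in this list read as internal plumbing of the 2FA modal rather than caller-facing API. If this list is what the store hands to its consumers, any component that obtains the store can reject a pending confirmation or switch the modal mode from outside the modal. Consider keeping these three out of the exposed list and leaving only the confirmation entry point plus read-only checks such as `doesUserHavePasskeys`.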
@yaroslav8765 this is over-exposed and this is a critical issue, for users and LLM Agentic stability. In all plugins, we always need to expose from useXXAPI only methods which might be used by someone, a very limited set (the same methods we had exposed before in window, nothing more than that); we should hide all internal implementation, e.g. setIsOpene can break internal state. It is only get2FaConfirmationResult and maybe a couple of other methods?
Please never expose "just in case someone might use it" - it will cause a lot of issues. Every exposed API method should be carefully planned, otherwise we mislead. Even before LLMs, plain Ctrl+Space will show the user all available methods; the user will think he can use them, and by using some internal state method he might achieve unexpected, unclear behaviour.
Please read, ask chat to explain and remember these very basic principles:
- https://en.wikipedia.org/wiki/Encapsulation_%28computer_programming%29
- https://en.wikipedia.org/wiki/Information_hiding
- https://en.wikipedia.org/wiki/Law_of_Demeter
- https://en.wikipedia.org/wiki/Interface_segregation_principle
Let's discuss all 4 principles later
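One way to apply the narrow-surface rule from the review comment above, as an added example that is not the PR's or the project's code: the factory below keeps the pending promise and title in a closure and hands out two separate interfaces, one for callers and one for the modal component. Only the name `get2FaConfirmationResult` comes from the page; its signature, `create2faApi`, `TwoFaModalInternals` and every other name are assumptions, and Pinia is replaced by a plain closure so the block runs stand-alone.

```typescript
// Added example: all names except get2FaConfirmationResult are hypothetical.
type Pending = { resolve: (code: string) => void; reject: (e: Error) => void };

// The only surface plugin code and other callers can see.
interface TwoFaPublicApi {
  get2FaConfirmationResult(title?: string): Promise<string>;
}

// The surface handed to the modal component only.
interface TwoFaModalInternals {
  isOpen(): boolean;
  title(): string;
  submit(code: string): void;
  cancel(): void;
}

function create2faApi(): { api: TwoFaPublicApi; internals: TwoFaModalInternals } {
  // Private state: reachable only through the closures below.
  let pending: Pending | null = null;
  let currentTitle = "";

  const settle = (fn: (p: Pending) => void): void => {
    if (!pending) return; // ignore a stray submit/cancel when nothing is open
    const p = pending;
    pending = null; // close the modal state before notifying the caller
    fn(p);
  };

  const api: TwoFaPublicApi = Object.freeze({
    get2FaConfirmationResult(title: string = "Two-factor confirmation"): Promise<string> {
      // A second caller cannot replace the callbacks of a confirmation in progress.
      if (pending) return Promise.reject(new Error("2FA confirmation already in progress"));
      currentTitle = title;
      return new Promise<string>((resolve, reject) => { pending = { resolve, reject }; });
    },
  });

  const internals: TwoFaModalInternals = Object.freeze({
    isOpen: (): boolean => pending !== null,
    title: (): string => currentTitle,
    submit: (code: string): void => settle((p) => p.resolve(code)),
    cancel: (): void => settle((p) => p.reject(new Error("2FA cancelled by user"))),
  });

  return { api, internals };
}
```

Autocomplete on `api` offers a single method, while the modal imports `internals` and nothing else does.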
(add missing cookies/headers params when we are verifying user at the registerPasskeyRequest api) https://web.tracklify.com/project/2b7ZVgE5/AdminForth/1426/J92azLP8/image
No description provided.