Blame
|
1 | --- |
||||||
| 2 | category: spec |
|||||||
| 3 | tags: [ux, auth, login, plan] |
|||||||
| 4 | last_updated: 2026-03-17 |
|||||||
| 5 | confidence: high |
|||||||
| 6 | --- |
|||||||
| 7 | ||||||||
| 8 | # Login Page UX Improvement Plan |
|||||||
| 9 | ||||||||
| 10 | Two independent changes: (1) route-level logic to detect and act on an existing valid JWT cookie, and (2) visual redesign of the auth templates to match the landing page. No ATProto OAuth flow changes required. |
|||||||
| 11 | ||||||||
| 12 | ## 1. JWT Detection and Auto-Redirect |
|||||||
| 13 | ||||||||
| 14 | **Where:** `oauth_login()` GET branch in `auth_server.py`. |
|||||||
| 15 | ||||||||
| 16 | **Logic:** |
|||||||
| 17 | 1. Read `request.cookies.get(COOKIE_NAME)` |
|||||||
| 18 | 2. If present, call `platform_jwt.validate_token(cookie_token)` |
|||||||
| 19 | 3. On success: redirect to `return_to` (if set and safe) or `/app/` |
|||||||
| 20 | 4. On `ExpiredSignatureError`: decode without verification to extract `handle` claim, pass as `prefill_handle` to template |
|||||||
| 21 | 5. On any other error: fall through to render login form normally |
|||||||
| 22 | ||||||||
| 23 | The login template pre-populates `<input name="username">` with `prefill_handle` if provided. |
|||||||
| 24 | ||||||||
| 25 | ## 2. Visual Redesign — Match Landing Page |
|||||||
| 26 | ||||||||
| 27 | **Current state:** Auth pages use Pico CSS (purple, dark theme). Landing page uses custom `style.css` (light, minimal, system fonts). Management panel uses Halfmoon/Bootstrap. |
|||||||
| 28 | ||||||||
| 29 | **Approach:** Replace Pico CSS in `app/auth/templates/base.html` with the landing page's `style.css`. Use same `<div class="page">` wrapper and `<header>`/`<footer>` structure as `index.html`. Add minimal form/button styles (inline or in `style.css`). Consent page also extends `base.html` — benefits automatically. |
|||||||
| 30 | ||||||||
| 31 | ## Files to Modify |
|||||||
| 32 | ||||||||
| 33 | | File | Change | |
|||||||
| 34 | |---|---| |
|||||||
| 35 | | `app/auth_server.py` | JWT cookie check + pre-fill logic in GET branch of `oauth_login()` | |
|||||||
| 36 | | `app/auth/templates/base.html` | Replace Pico CSS with `style.css`, match landing page HTML structure | |
|||||||
| 37 | | `app/auth/templates/login.html` | Add `value="{{ prefill_handle or '' }}"` to username input | |
|||||||
| 38 | | `static/style.css` | Add minimal form/button styles (or use inline block in base.html) | |
|||||||
| 39 | ||||||||
| 40 | ## Test Plan |
|||||||
| 41 | ||||||||
| 42 | 1. `test_login_get_with_valid_jwt_redirects_to_dashboard` — valid cookie → 302 to `/app/` |
|||||||
| 43 | 2. `test_login_get_with_valid_jwt_and_return_to_redirects` — valid cookie + return_to → redirect |
|||||||
| 44 | 3. `test_login_get_with_expired_jwt_prefills_handle` — expired cookie → 200 with handle pre-filled |
|||||||
| 45 | 4. `test_login_get_with_invalid_jwt_shows_form_blank` — garbage cookie → 200, no pre-fill |
|||||||
| 46 | 5. Visual regression: manual review against landing page |
|||||||
| 47 | ||||||||
| 48 | ## Sequencing |
|||||||
| 49 | ||||||||
| 50 | 1. Route logic (auth_server.py) — self-contained, testable immediately |
|||||||
| 51 | 2. Template changes (base.html, login.html) — same or separate commit |
|||||||
| 52 | 3. Optional: form styles in style.css (shared file, deserves own review) |
|||||||