manager-ui
DUO Mode: Switch on DUO Mode for Existing and New Customers
Problem
Customers do not know about DUO Mode and how to start it. We just want to start it for existing customers and new customers/instances in the future.
Solution Steps
Specifically, this solution is based around a content policy setting.
- [x] 1. @giseleblair Please document the solution or assign someone to document this
- [ ] 2. There needs to be a change made to the product by the manager ui team to allow for the value that @giseleblair has documented. If there are any questions on how to go about this please ask @shrunyan.
- [x] 3. We need to bake that value into the starter blueprint, and into all of the existing templates. We want to make DUO mode the default experience for all of the templates.
- [ ] 4. Once we complete this solution, we will lead an outreach effort to existing customers where we inform them of DUO mode, and the steps they need to set it up along with an option for a training/setup call.
@zcolah DUO mode is turned on by default if they have it enabled
@agalin920 this is a ticket that is WIP with Randy. Not yet assigned to any developers therefore.
The following settings would be the ideal values to allow the use of DUO mode within the product:
Settings:
Header: X-Frame-Options
Content-Security-Policy
Referrer-Policy
These settings, when present, disable duomode:
setting.key === "basic_content_api_key"
setting.key === "headless_authorization_key"
setting.key === "authorization_key"
setting.key === "x_frame_options"
@giseleblair @agalin920 I already created a branch (https://github.com/zesty-io/template-pomelo/tree/enable-duo-mode) for this, removing the setting to enable duo mode, but the installer template installation does not support deletion of settings. It only updates or creates settings. With this, I think we also need to delete those settings on the "template base blueprint", since this blueprint creates the base or default settings for the instance before the installer updates or creates the settings for the template.
I believe that template base blueprint only exists in the database, can you confirm @allenpigar
@giseleblair yes, it exists in the database and SQL scripts are needed to update it. But as we have discussed, there is no need to remove those settings; just set the default value to null. With this, we can just update the values on the template itself without any changes to the blueprint. I already created PRs for review.
https://github.com/zesty-io/template-blank/pull/2
https://github.com/zesty-io/template-simple-blog/pull/1
https://github.com/zesty-io/template-pomelo/pull/3
@giseleblair it seems like there's nothing that needs to be done in manager-ui for this ticket anymore, as I tried creating new instances using all the existing templates and they all have duo mode enabled by default already.
I checked in with @allenpigar and he has confirmed that he changed the template's default values for the following settings (basic_content_api_key, headless_authorization_key, authorization_key and x_frame_options) to null, which is what manager-ui needs for duo mode to be enabled. Therefore it doesn't seem like any work needs to be done in the manager-ui, since the changes that Allen made already enable duo mode by default for newly-created instances.
@finnar-bin please refer to my screenshot above in the thread (from Jan 3) and test with those values. Duo mode needs to work with those values, not just the null values from the templates.
@giseleblair so just to clarify, the goal here is to make sure that duo mode is activated if those settings are either null or contain the specific values you mentioned?
@finnar-bin Duo mode does not get activated by these settings. But the goal is that when Duo Mode is turned on, AND the above settings are either null or the specific mentioned values, the Duo Mode frame will render the page as expected. Currently, the values MUST be null in order for the Duo Mode frame to render. But we want to update this logic so it will also work with the mentioned values.
Note to self: CSP needs to be validated as well
@giseleblair is there a need to validate that the value for Referrer-Policy be either null or "strict-origin-when-cross-origin" for the duo mode toggle to be visible?
I've already tested the CSP setting and it seems like what works is frame-ancestors 'self' *.zesty.io for the iframe to be rendered within manager-ui but not elsewhere.
I believe that CSP will trump the Referrer-Policy value @finnar-bin but it is still worth validating in the order of operations
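The framing decision discussed in this thread can be modelled as follows. This is an added example, not manager-ui code: it is a simplified sketch of the check a browser applies to `X-Frame-Options` and the CSP `frame-ancestors` directive, for a single embedding origin. The function names, the `content_security_policy` key and the sample origins are assumptions made for illustration; only `x_frame_options` and the `frame-ancestors 'self' *.zesty.io` value come from the thread.

```javascript
// Added example (not manager-ui code): simplified model of the browser's framing check.
// Function names and the content_security_policy key are hypothetical.

// Match one CSP host-source (e.g. "*.zesty.io") against the embedding origin.
// Simplification: a source without a scheme is treated as https-only; ports and paths are ignored.
function matchesSource(source, embedder, self) {
  if (source === "'self'") return embedder.origin === self.origin;
  if (source === "*") return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = (m[1] || "https").toLowerCase() + ":";
  const host = m[2].toLowerCase();
  if (embedder.protocol !== scheme) return false;
  return host.startsWith("*.")
    ? embedder.hostname.endsWith(host.slice(1)) // "*.zesty.io" matches subdomains only
    : embedder.hostname === host;
}

// settings: { x_frame_options, content_security_policy }, where null means "header not sent".
function canFrame(settings, embedderUrl, pageUrl) {
  const embedder = new URL(embedderUrl);
  const self = new URL(pageUrl);
  const directive = (settings.content_security_policy || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const sources = directive.slice(1);
    if (sources.length === 0 || sources[0] === "'none'") return false;
    return sources.some((s) => matchesSource(s, embedder, self));
  }
  const xfo = (settings.x_frame_options || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder.origin === self.origin;
  return true; // no framing restriction sent
}
```

Referrer-Policy is not an input here because it controls what is sent in the `Referer` header, not whether a page may be framed.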