Skip to content

feat(unstitching): unstitch confirm password mutation#7508

Merged
egdbear merged 2 commits intomainfrom
egdbear/unstitching/confirm-password-
Mar 11, 2026
Merged

feat(unstitching): unstitch confirm password mutation#7508
egdbear merged 2 commits intomainfrom
egdbear/unstitching/confirm-password-

Conversation

@egdbear
Copy link
Copy Markdown
Contributor

@egdbear egdbear commented Mar 10, 2026
edited
Loading

This PR replaces the stitched Gravity confirmPassword mutation with a metaphysics implementation behind the USE_UNSTITCHED_CONFIRM_PASSWORD feature flag, following the same pattern as recordArtworkView.

A new POST /api/v1/me/confirm_password REST endpoint was added in gravity https://github.com/artsy/gravity/pull/19860 to support this.

The schema is kept identical to the existing Gravity mutation (password input, valid boolean output) to avoid breaking any clients. This mutation is actively used in Force for 2FA setup flows (app authenticator, SMS, disable factor, regenerate backup codes). It is not used in Eigen.

@egdbear egdbear requested a review from a team March 10, 2026 13:22
@egdbear egdbear self-assigned this Mar 10, 2026
egdbear
egdbear commented Mar 10, 2026
View reviewed changes
Comment thread src/schema/v2/Show/__tests__/createPartnerShowEventMutation.test.ts
startAt: "2025-01-01T12:00:00.000Z",
endAt: "2025-01-01T18:00:00.000Z",
formattedTimeZone: "(GMT-05:00) New York",
formattedTimeZone: expect.stringMatching(
Copy link
Copy Markdown
Contributor Author

@egdbear egdbear Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/cc @mzikherman

Copy link
Copy Markdown
Contributor

@mzikherman mzikherman Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It wouldn't be daylight savings time without one of these every year! Thanks.

Copy link
Copy Markdown
Contributor

@jpotts244 jpotts244 Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heyo, nice!

I might merge in this patch: #7509 to unblock current work, unless this PR is ready to go @egdbear ?

Copy link
Copy Markdown
Contributor Author

@egdbear egdbear Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jpotts244, that works!! 🙏

@github-actions github-actions Bot deleted a comment from claude Bot Mar 10, 2026
@egdbear egdbear force-pushed the egdbear/unstitching/confirm-password- branch from b6abd43 to 9c5b7da Compare March 10, 2026 16:28
@github-actions github-actions Bot deleted a comment from claude Bot Mar 10, 2026
@egdbear egdbear force-pushed the egdbear/unstitching/confirm-password- branch from 9c5b7da to 2e8273e Compare March 11, 2026 09:51
@github-actions github-actions Bot deleted a comment from claude Bot Mar 11, 2026
@claude
Copy link
Copy Markdown
Contributor

claude Bot commented Mar 11, 2026

Code Review

Summary

This PR unstiches the confirmPassword mutation from the Gravity stitched schema into a native Metaphysics implementation. It follows the established unstitching pattern: feature flag (USE_UNSTITCHED_CONFIRM_PASSWORD), conditional type/mutation exclusion from the Gravity schema, a new native mutation with loader, and corresponding tests.

Issues Found

No blocking or important issues found. The PR follows the established unstitching pattern cleanly and matches existing conventions (e.g., recordArtworkViewMutation).

Areas Reviewed

  • Architecture & Design: The unstitching pattern is correctly followed across all required files — config.ts, gravity/schema.ts, schema.ts, the mutation file, and the loader registration. Feature flag gating is properly applied.
  • Security: Auth check is present — the mutation throws if confirmPasswordLoader is undefined (unauthenticated). Password is forwarded to Gravity which handles the actual validation, appropriate for a passthrough layer.
  • Testing: Good coverage — valid password, invalid password, and unauthenticated user cases are all tested. Tests are correctly gated behind the feature flag with describe.skip.
  • Bugs & Edge Cases: The timezone test fix in createPartnerShowEventMutation.test.ts is a sensible change — using a regex to match either GMT-04:00 or GMT-05:00 handles DST transitions that could cause flaky tests.

Looks good to merge. 👍

@egdbear egdbear merged commit 2a9bc3a into main Mar 11, 2026
8 checks passed
@egdbear egdbear deleted the egdbear/unstitching/confirm-password- branch March 11, 2026 10:04
@egdbear egdbear mentioned this pull request Mar 12, 2026
Merged
@claude claude Bot mentioned this pull request Mar 12, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mzikherman mzikherman mzikherman left review comments

@jpotts244 jpotts244 jpotts244 left review comments

Assignees

@egdbear egdbear

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@egdbear @mzikherman @jpotts244