feat(sc-44544): auto opt-in to Library Assistant after promo-driven auth#3399
Conversation
Anon users who click the Library Assistant promo CTA were enrolled in the experiment only after a second 'Join' click post-login. Route the promo's login/register ?next= through a new /enable-library-assistant landing view: once auth completes the user lands there, is enrolled in the experiments whitelist (reusing _set_user_experiments), and is redirected back to where they were. The assistant then appears on reload with no extra click. - New view enable_library_assistant: same-host-validated redirect, forwards the register welcome flag, bounces anon hits to login. - Banner anon CTAs now target the opt-in landing via nested ?next=. - Normal (non-promo) logins are unaffected. - Tests cover enroll+redirect, anon->login, offsite-next fallback, welcome forwarding, default, and idempotency. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Source files shouldn't carry Shortcut story IDs (branch/commit refs are enough). Replicated on the login-page branch. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
📊 Code Quality Score: 18/100
Was this score accurate? 👍 Yes · 👎 No Scored by GitVelocity · How are scores calculated? |
Skip Library Assistant enrollment when the browser reports a cross-site request (Sec-Fetch-Site), so a cross-site <img> can't silently enroll a logged-in user; the real same-origin post-login redirect is unaffected. Add tests for protocol-relative next, welcome appended to an existing query string, and the cross-site skip; assert no duplicate settings row. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
/ork multi-agent review — verdict: COMMENT → addressedRan a 3-agent review (security/auth-flow, correctness/integration, test adequacy). No blockers; the feature was verified end-to-end (login + register paths, nested Findings addressed in
Noted, not changed (out of scope / pre-existing):
🤖 review run via ork-style parallel agents |
Verification note — CI PyTest red is a suite-wide 60-min timeout, not this PRThe To verify this PR's tests directly, I ran the new file inside the All 9 cases green: enroll+redirect, anon→login (no enroll), offsite-next fallback, protocol-relative Also verified live on the cauldron: logged-out |
…ndidates' into feature/sc-44544/la-promo-change-opt-in-behavior-for-non
717541b
into
feature/sc-44545/update-login-page-to-handle-anon-la-candidates
What & why
Closes the last manual step in the Library Assistant promo flow for non-authenticated users.
Before: an anon user who clicked the promo CTA had to (1) log in / register, then (2) click a second Join the Experiment button before the assistant appeared.
After: clicking the promo CTA → logging in or registering → the user is automatically enrolled in the experiments whitelist and returned to where they were, with the Library Assistant showing on reload. No extra click. (A page reload is expected and acceptable.)
How
The promo's login/register
?next=is routed through a new/enable-library-assistantlanding view:/login?next=/enable-library-assistant?next=<originalPath>(same for/register)._set_user_experiments(...)helper, then redirects back to<originalPath>.This reuses the
?next=plumbing the login page already hardened, so it survives the login↔register cross-flow switch and the form POST without extra wiring.Safety / edges
CustomLogoutView.welcome=to-sefariaflag is forwarded to the final destination.Tests
reader/tests/enable_library_assistant_test.py: enroll+redirect, anon→login (not enrolled), offsite-next fallback, welcome forwarding, missing-next default, idempotency.Base branch
Targets the login-page branch (the cross-flow nav it depends on) — not yet merged to master. Rebase to master once that lands.
🤖 Generated with Claude Code