Skip to content
This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

Permissions persist across logins, across users #35

Open
dghelm opened this issue Sep 3, 2021 · 0 comments
Open

Permissions persist across logins, across users #35

dghelm opened this issue Sep 3, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@dghelm
Copy link
Contributor

dghelm commented Sep 3, 2021

Describe the bug

A user can logout, login with a new seed, and if permissions were already granted for a domain+dataDomain pairing, they won't be requested of the new user.

To Reproduce

  1. Visit https://300ajmf6mc3fv6me8sihbj12k9rqttk78uingfans524secs9267n58.siasky.net/
  2. Logout if logged in.
  3. Authenticate, use Sign Up, approve permissions.
  4. Log Out
  5. Authenticate, use Sign Up.
  6. No prompt for permissions.

Expected behavior

Same as above, but step 6 sees a prompt for permissions.

Additional context

We need to either delete local indexedDB, or have a new indexedDB name per user logging in. Later versions should encrypt or obfuscate this data if it persists on the browser after logging out.
@dghelm dghelm added the bug Something isn't working label Sep 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dghelm