This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Overwrite the old session if the new creds are for a different user #3189

Merged: 4 commits, Jul 9, 2019


turt2live
Member

Fixes element-hq/element-web#10272
Based on #3182 (see commits after merge commit)

@turt2live turt2live requested a review from a team July 5, 2019 20:48
Contributor

@bwindels bwindels left a comment

lgtm

src/Lifecycle.js Outdated
@turt2live turt2live self-assigned this Jul 8, 2019
When the HS implementation doesn't respect the device_id parameter erroneously
@turt2live turt2live removed their assignment Jul 8, 2019
@turt2live turt2live requested a review from bwindels July 8, 2019 21:35
turt2live (Member, Author) commented Jul 8, 2019

@bwindels I've included a device ID check in this - please take a look.

Edit: rationale for wiping when the device ID differs is that our current keys are useless and unusable, so we might as well throw them away. Once again, we could prompt the user and say "hey, you're about to do something dumb" but at this point the homeserver is unlikely to support what we want it to and the user can't do anything about it.

Contributor

@bwindels bwindels left a comment

oh yeah, deviceId is a good idea. Lgtm!

@turt2live turt2live merged commit 4c5a7d4 into develop Jul 9, 2019
@turt2live turt2live deleted the travis/soft-logout-overwrite branch July 9, 2019 17:43
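
The check discussed in this thread, sketched as an added example (not code from this pull request or from the project): stored end-to-end keys are treated as bound to one user ID and device ID pair, and are wiped before new credentials are persisted if either differs. The store shape, function names and sample values are all hypothetical and constructed for illustration.

```javascript
// Added illustration; not code from matrix-react-sdk. All names are hypothetical.

// Constructed in-memory stand-in for the client's persisted session state.
function makeStore(session, cryptoKeys) {
    return { session, cryptoKeys: { ...cryptoKeys } };
}

// Report which identity field, if any, differs between the stored session
// and the credentials returned by a re-login.
function sessionMismatch(stored, creds) {
    if (!stored) return null; // nothing persisted: plain first login
    if (stored.userId !== creds.userId) return "user_id";
    // Also covers a homeserver that does not respect the requested
    // device_id and hands back a different device.
    if (stored.deviceId !== creds.deviceId) return "device_id";
    return null;
}

// Persist new credentials. Keys tied to the old user/device are unusable
// with the new identity, so they are dropped before the session is replaced.
function applyLogin(store, creds) {
    const reason = sessionMismatch(store.session, creds);
    if (reason !== null) {
        store.cryptoKeys = {};
    }
    store.session = {
        userId: creds.userId,
        deviceId: creds.deviceId,
        accessToken: creds.accessToken,
    };
    return { wiped: reason !== null, reason };
}

// Constructed sample: the same user logs back in after a soft logout,
// but the server issued a new device ID.
const demoStore = makeStore(
    { userId: "@alice:example.org", deviceId: "DEVICEOLD", accessToken: "old" },
    { "room1": "constructed-key-material" });
const demoResult = applyLogin(demoStore,
    { userId: "@alice:example.org", deviceId: "DEVICENEW", accessToken: "new" });
console.log(demoResult, Object.keys(demoStore.cryptoKeys).length);
```
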
Successfully merging this pull request may close these issues.

Soft logout: if the hydrated user ID doesn't match the session's user ID, overwrite
2 participants