Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(BrowserStorage) - clear BrowserStorage when different user logged in #10301

Merged
merged 1 commit into from
Aug 22, 2023
Merged

fix(BrowserStorage) - clear BrowserStorage when different user logged in #10301

merged 1 commit into from
Aug 22, 2023

Conversation

Antreesy
Copy link
Contributor

☑️ Resolves

  • If another user is logged in, we should check, whether it's uid matches with last cached uid.
    • if it matches, we could safely restore and use data from storage;
    • if not, we wipe everything related to the last user and containing possibly sensitive data;

🖼️ Screenshots

No visual changes

🚧 Tasks

  • Add encryption?
  • Another possible checks if uid is not enough?

🏁 Checklist

@Antreesy Antreesy added this to the 💙 Next Major (28) milestone Aug 22, 2023
@Antreesy Antreesy self-assigned this Aug 22, 2023
ShGKme
ShGKme requested changes Aug 22, 2023
View reviewed changes
src/App.vue Outdated Show resolved Hide resolved
@Antreesy
Copy link
Contributor Author

In fix-up:

  • don't save uid for non-autorized users: null === null on checking for guests, all preferences are keeped
  • when there's a mismatch, clear only conversations (as it's the only part of sensitive data)
  • TODO:
    • unify sensitive data somehow

@Antreesy
clear BrowserStorage with possibly sensitive data when another user i…
7f8ce07 
…s logged in on this device

Signed-off-by: Maksim Sukharev <antreesy.web@gmail.com>
@Antreesy Antreesy force-pushed the fix/noid/wipe-browser-storage branch from 7e0ea21 to 7f8ce07 Compare August 22, 2023 15:38
ShGKme
ShGKme reviewed Aug 22, 2023
View reviewed changes
src/App.vue Show resolved Hide resolved
@nickvergessen nickvergessen merged commit 45b1d33 into master Aug 22, 2023
18 checks passed
@nickvergessen nickvergessen deleted the fix/noid/wipe-browser-storage branch August 22, 2023 19:27
@nickvergessen
Copy link
Member

/backport to stable27

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Aug 22, 2023
Merged
@Antreesy Antreesy mentioned this pull request Sep 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@ShGKme ShGKme ShGKme approved these changes

@SystemKeeper SystemKeeper Awaiting requested review from SystemKeeper

Assignees

@Antreesy Antreesy

Labels
3. to review feature: frontend 🖌️ "Web UI" client regression security
Projects
None yet
Milestone
v18.0.0-beta.1
Development

Successfully merging this pull request may close these issues.
3 participants
@Antreesy @nickvergessen @ShGKme