Open copitz opened 6 years ago
copitz
commented
6 years ago This is related to #4 and is - as said - a workaround until the underlying issues in Franz / electron are solved there. I don't think that it is related to converse because their client does fine and probably they can do nothing about it (a reasonable approach for that would be using the Credential Management API but this isn't available in electron and so it wouldn't help anyway)
alexander-schranz
commented
6 years ago @copitz I think doing this in JS saving it into the localstorage will open a huge security issue that somebody can read the credentials. So I would currently not merge this. Also it overwrite the whole page which could break when there are changes in inverse.chat.
copitz
commented
6 years ago You're definitely right regarding the security aspect - the right backend for the credentials would definitely be the Credential Management API or at least the electron backend using node-keytar to interoperate with the OS credential management but I could not find a way to bundle node-keytar or any node backend module with the recipe.
I'm totally fine with you not merging this - I just really needed a way to stay logged in.
However just for the records: the credentials are not stored when the "trusted" checkbox is disabled.
@copitz not sure which problems you try to fix for me it looks more you should contribute this to converse.js: https://github.com/conversejs/converse.js/