backstrokeapp / server

:swimmer: A Github bot to keep repository forks up to date with their upstream.
https://backstroke.co
MIT License

New website just logs me in as you #67

Closed brysgo closed 7 years ago

brysgo commented 7 years ago

It would appear that the current user is hardcoded to 1egoman.

brysgo commented 7 years ago

My best guess is that the deployment is using your whoamiMock.

1egoman commented 7 years ago

😲

I'll take a look and see if I can debug the issue. Thanks for bringing it to my attention.

1egoman commented 7 years ago

Turns out it was just a hardcoded value from my mockups that I forgot to change. https://github.com/backstrokeapp/dashboard/blob/master/src/components/link-list/index.js#L93

No security issues here!

Fixed in https://github.com/backstrokeapp/dashboard/commit/a9811dd921fa8526c8f332efc3aab9adc1091d16. Thanks again @brysgo!

brysgo commented 7 years ago

For some reason app.backstroke.co still logs me in as you.

1egoman commented 7 years ago

@brysgo Can you give me a screenshot? Where does it indicate that you are logged in as me?

brysgo commented 7 years ago

[Screenshot attached: "screen shot 2017-09-17 at 8 27 55 pm"]

1egoman commented 7 years ago

That isn't good. Did you get an OAuth prompt to log in with GitHub? What are the steps that you took to get into that state?

I just tried to log in with another GitHub account that I have and I couldn't replicate this behavior. What I did:

  1. Visited https://backstroke.co.
  2. Clicked on login.
  3. Accepted the OAuth prompt for the other GitHub account.
  4. Was redirected back to app.backstroke.co, with an empty screen as expected.

1egoman commented 7 years ago

Just tried again and was able to replicate. I'll do some digging and see what's up. Thanks for letting me know about this, this is a serious issue.

1egoman commented 7 years ago

@brysgo I think I figured it out. Just pushed up a fix, can you confirm that you don't see this behavior anymore?

brysgo commented 7 years ago

@1egoman - Got further before having the same problem.

1egoman commented 7 years ago

@brysgo Can you elaborate? Are you still able to impersonate my user account?

brysgo commented 7 years ago

@1egoman - It seems to be working now :-)

1egoman commented 7 years ago

Cool, glad I was able to solve this!
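The root cause in this thread was a development mock for "who is the current user" that reached production, so every visitor saw the same hardcoded account. The following is an added example, not code from the Backstroke dashboard or server: a factory that picks the identity source from the environment and fails closed when a mock is requested outside development or test, plus a startup check that two distinct sessions never resolve to the same identity. The names `USE_WHOAMI_MOCK`, `whoamiMock` and `whoamiFromSession` are assumptions for illustration.

```javascript
// Added example (not the project's own code). Constructed names throughout.

const ENVS_ALLOWING_MOCK = new Set(['development', 'test']);

// Development-only stand-in (constructed; the real project's mock is not shown).
// It always answers with the same fixed user, which is why it must never ship.
async function whoamiMock() {
  return { id: 1, username: 'mock-user' };
}

// Production identity source: read the user from the server-side session only.
// A missing or anonymous session yields null rather than falling back to a default user.
async function whoamiFromSession(session) {
  if (!session || !Number.isInteger(session.userId)) return null;
  return { id: session.userId, username: session.username };
}

// Returns the whoami implementation for this deployment, or throws if a mock is
// requested outside development/test. `env` mirrors process.env (hypothetical keys).
function selectWhoami(env) {
  const nodeEnv = env.NODE_ENV || 'production'; // unset NODE_ENV is treated as production
  const wantMock = env.USE_WHOAMI_MOCK === 'true';
  if (wantMock && !ENVS_ALLOWING_MOCK.has(nodeEnv)) {
    throw new Error(`refusing to use whoamiMock with NODE_ENV=${nodeEnv}`);
  }
  return wantMock ? whoamiMock : whoamiFromSession;
}

// Startup smoke check: two different sessions must map to two different identities,
// and an anonymous session must map to nobody. A hardcoded mock fails this check.
async function identityIsPerSession(whoami) {
  const a = await whoami({ userId: 10, username: 'alice' }); // constructed sessions
  const b = await whoami({ userId: 11, username: 'bob' });
  const anon = await whoami({});
  return a !== null && b !== null && a.id !== b.id && anon === null;
}
```

Running `identityIsPerSession(selectWhoami(process.env))` before the server starts listening turns the bug from this thread into a failed deployment instead of a live impersonation.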