Closed brysgo closed 7 years ago
My best guess is that the deployment is using your whoamiMock.
😲
I'll take a look and see if I can debug the issue. Thanks for bringing it to my attention.
Turns out it was just a hardcoded value from my mockups that I forgot to change. https://github.com/backstrokeapp/dashboard/blob/master/src/components/link-list/index.js#L93
No security issues here!
Fixed in https://github.com/backstrokeapp/dashboard/commit/a9811dd921fa8526c8f332efc3aab9adc1091d16. Thanks again @brysgo!
for some reason app.backstroke.co
still logs me in as you
@brysgo Can you give me a screenshot? Where does it indicate that you are logged in as me?
That isn't good. Did you get an oauth prompt to login with github? What are the steps that you took to get into that state?
I just tried to login with another Github account that I have and I couldn't replicate this behavior. What I did:
https://backstroke.co
.login
app.backstroke.co
, with an empty screen as expected.Just tried again and was able to replicate. I'll do some digging and see what's up. Thanks for letting me know about this, this is a serious issue.
@brysgo I think I figured it out. Just pushed up a fix, can you confirm that you don't see this behavior anymore?
@1egoman - got further, before having the same problem
@brysgo Can you elaborate? Are you still able to impersonate my user account?
@1egoman - It seems to be working now :-)
Cool, glad I was able to solve this!
It would appear that the current user is hardcoded to 1egoman.