supervisor login gets lost and new supervisor created even if the same person

[bjornregnell]

• How to reproduce this bug consistently?

• Conceptual problem: what does it mean if a supervisor tries to login with the same name? Is it a new supervisor that happens to have the same name? Or is it the same supervisor that lost the logged in page?

• Possible solutions:

  • Provide a "secret" for all supervisors with curated list of supervisors that is hardcoded in the code and updated every year. It is not a big problem if the "secret" can be read in the code openly as we assume that people using Beppe are nice.
  • Provide a cookie to remember who logged in supervisors are - this is not so good as I want Sigrid not so stor personal information to avoid any even remotely GDPR-related issues.
  • ...?

[stagrim]

To reproduce:

1. Got to supervisor portal.
2. Login
3. When logged in, the url will be /{secret}/login?{parameters}. Now refresh the page.
4. A new user will be created on each page refresh, since a new login request is sent to the server.

When an action i chosen and "update" is pressed the url will change to /{secret}/update?{parameters}, after which refreshing the page works as intended. A fix would be to redirect from a successful login request to the update page to avoid submitting many login requests on each refresh, which produces the bug.

[stagrim]

Experimenting a bit I noticed that a refresh on the update page also sends a request repeating the last update, meaning that the, for example, pop queue action mistakenly can be repeated on a refresh to check for new events on the page.

A possible fix would be to redirect an update request to the supervising state, since such repeated request to update the page would result in no other side effects.

[bjornregnell]

Seems reasonable! If you like, you are very welcome to experiment with a fix in line with your proposal. You can test Sigrid locally on localhost:8091 after sbt run according to instructions in readme.

[bjornregnell]

(Unfortunately akka-http is a big beast and I have just copy-pasted examples from their docs without really understanding whats happening under the hood...)

[bjornregnell]

Perhaps an if-expression of some kind is enough here: https://github.com/bjornregnell/sigrid/blob/master/src/main/scala/SigridServer.scala#L24 ?