Closed dholms closed 2 weeks ago
pfrazee
commented
2 weeks ago Is this right? Isn't the problem that the apps are dropping personalDetailsPref because it's written as a single blob, and they don't have access to it? I think the fix needs to be that the server preserves the personalDetailsPref in this case, not that it throws
dholms
commented
2 weeks ago Yeah there's two parts to the putPreferences - it throws if an app password is trying to write a new value to personalDetailsPref but just strips it out of the values to delete if an app password doesn't provide a value
pfrazee
commented
2 weeks ago Right -- my bad, I had the wrong mental model for the backend, so the diff seemed wrong.
This LGTM
We don't let app passwords read
personalDetailsPref. This prevents app passwords from writing or deleting the preferences as wellCloses https://github.com/bluesky-social/atproto/issues/2555