Open ckingdev opened 8 years ago
As for seeing the user IDs, that's always been possible using a bot or even just inspecting the packets going through the websocket.
The crashing could probably be fixed though...
IMO it's more important for future development. It makes it much easier to have bugs wrt authentication if a user can already see the host UI.
Au contraire, authentication checks ought to be independent of visibility checks. Making the host UI available (in a hidden way) can serve as a vehicle for testing instead.
Opening the console in a room and executing
Heim.chat.store.state.isManager = true
changes the UI to that of a host. The user can now view the IDs of users in the room. Attempting to PM someone results in the room crashing (see report d5d1b0c9eba24ef4861c9a61c45be3a9).
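Added example, not part of the issue and not Heim's code: a sketch of the separation argued for in the thread, where the server authorizes host-only commands from its own session state and ignores any `isManager` value the client holds or sends. The command names, session IDs, user IDs and reply shape are all hypothetical and constructed for illustration.

```javascript
// Constructed example: none of these names are Heim's real API.
const HOST_ONLY = new Set(['ban-user', 'pm-initiate']); // hypothetical command names

// Server-side session table; the role is set at login, never by a packet.
const sessions = new Map([
  ['sess-host', { userId: 'account:constructed-1', isManager: true }],
  ['sess-guest', { userId: 'agent:constructed-2', isManager: false }],
]);

// Handle one websocket packet. `raw` is the untrusted JSON text from the client.
function handlePacket(sessionId, raw) {
  const session = sessions.get(sessionId);
  if (!session) return { type: 'error', error: 'unknown session' };

  let packet;
  try {
    packet = JSON.parse(raw);
  } catch (e) {
    return { type: 'error', error: 'malformed packet' };
  }
  if (packet === null || typeof packet !== 'object' || typeof packet.type !== 'string') {
    return { type: 'error', error: 'malformed packet' };
  }

  // Authorization reads only server-held state. Any isManager field the
  // client sends (or flips in its own UI store) is ignored.
  if (HOST_ONLY.has(packet.type) && session.isManager !== true) {
    return { id: packet.id, type: packet.type + '-reply', error: 'access denied' };
  }
  return { id: packet.id, type: packet.type + '-reply', data: { ok: true } };
}

// Client side: an error reply is a normal outcome and must not throw.
function renderReply(reply) {
  if (reply.error) return 'Error: ' + reply.error;
  return 'OK';
}
```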