geneontology / noctua-visual-pathway-editor


Barista token in URL for model in Visual Pathway editor #52

Closed pgaudet closed 1 year ago

pgaudet commented 1 year ago

Hi @tmushayahama

Is it normal that we see the barista token in the Visual Pathway editor? For example, we see this now when we copy/paste the URL:

http://noctua.geneontology.org/workbench/noctua-visual-pathway-editor/?barista_token=#########model_id=gomodel:63c0ac2b00000593

Thanks, Pascale

pgaudet commented 1 year ago

I think this is fixed? I don't see this anymore.

pgaudet commented 1 year ago

In fact this seems to happen on and off when copying the URL

A model that was sent from @pmasson55 to @ccasalsc gomodel:63d320cd00000820 caused @ccasalsc's Noctua session to be attributed to @pmasson5.

However copying the URL for another model gomodel%3A63f809ec00001147 did not copy the token.

Any idea what's happening? Is this related to https://github.com/geneontology/noctua/issues/379?

Thanks, Pascale

pgaudet commented 1 year ago

Also wondering: in some URLs, the model id is prefixed with gomodel: , while in others it's gomodel%3A. So it looks like the URLs are not always generated in the same manner?

kltm commented 1 year ago

@pgaudet If you are using graph editor, you can absolutely hijack other people's sessions; once upon a time a feature. The graph editor is always a little "special". For now, remove a token when in the URL if you are sharing. See:

https://github.com/geneontology/noctua/issues/676
https://github.com/geneontology/noctua/issues/379
https://github.com/geneontology/noctua/issues/362

Even outside of the graph editor, a session can be hijacked, but I think that is a little off scope for this issue, which is the visual-pathway-editor.

If the token is showing up anywhere outside of the graph editor, that is something that Tremayne can look at, as ideally that is no longer happening. Whether something has http-encoding applied or not ("%3A" etc) should not really be relevant here.
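
The workaround in the comment above (remove the token from the URL before sharing), as an added example that is not part of the thread or of Noctua's code: a helper that drops `barista_token` from the query string or fragment and leaves the rest of the URL, including the `gomodel:` / `gomodel%3A` encoding, unchanged. The function names, the `noctua.example` host and the placeholder token value are assumptions for illustration.

```javascript
// Added example: strip a session token parameter from a URL before sharing.
// SENSITIVE_PARAMS is an assumption; only barista_token appears on the page.
const SENSITIVE_PARAMS = new Set(['barista_token']);

// Remove sensitive key=value pairs from a raw "a=1&b=2" string without
// re-encoding the remaining pairs (so gomodel: and gomodel%3A stay as typed).
function filterPairs(raw) {
  let removed = 0;
  const kept = raw.split('&').filter((pair) => {
    if (pair === '') return false;
    const rawKey = pair.split('=')[0];
    let key;
    try { key = decodeURIComponent(rawKey); } catch { key = rawKey; }
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) { removed += 1; return false; }
    return true;
  });
  return { text: kept.join('&'), removed };
}

function stripSessionToken(url) {
  const hashAt = url.indexOf('#');
  const beforeHash = hashAt === -1 ? url : url.slice(0, hashAt);
  let fragment = hashAt === -1 ? null : url.slice(hashAt + 1);
  const queryAt = beforeHash.indexOf('?');
  const base = queryAt === -1 ? beforeHash : beforeHash.slice(0, queryAt);
  const query = queryAt === -1 ? null : beforeHash.slice(queryAt + 1);

  let removed = 0;
  let out = base;
  if (query !== null) {
    const q = filterPairs(query);
    removed += q.removed;
    if (q.text) out += '?' + q.text;
  }
  // Some single-page apps carry parameters in the fragment; check there too.
  if (fragment !== null) {
    if (fragment.includes('=')) {
      const f = filterPairs(fragment);
      removed += f.removed;
      fragment = f.text;
    }
    if (fragment) out += '#' + fragment;
  }
  return { url: out, removed };
}

// Constructed sample (the token value is a placeholder, not a real token).
const SAMPLE = 'https://noctua.example/workbench/noctua-visual-pathway-editor/?barista_token=PLACEHOLDER&model_id=gomodel:63c0ac2b00000593';
console.log(stripSessionToken(SAMPLE).url);
```

This only keeps the token out of what gets pasted; it does nothing about a token that was already shared.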

pgaudet commented 1 year ago

> Even outside of the graph editor, a session can be hijacked, but I think that is a little off scope for this issue, which is the visual-pathway-editor.

This happened using the Pathway Editor; Swiss-Prot curators do not use the graph editor. Please move this to the appropriate repo.

kltm commented 1 year ago

If it's happening outside of the graph editor, this is the right spot :)