globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Let recipients receive tips directly by having a unique URL with their username /$USERNAME #2320

Open fpietrosanti opened 6 years ago

fpietrosanti commented 6 years ago

Current behavior: There are multi-user whistleblowing initiatives where it may be useful to have the ability to address specific users directly by submitting material directly to them in a simple way.

Expected behavior: This ticket is to implement a feature to submit tips to a specific end user of the platform on the simplified URL /$USERNAME.

When a whistleblower accesses /$USERNAME, they will be presented with the first context available of which $USERNAME is found to be a recipient, enabling them to make a submission directly to that end user.

The whistleblower will need to be informed that he is making a submission to $USERNAME along with his description.

NCommander commented 6 years ago

I'm uncomfortable with "select first context available" as that sounds like a recipe for disaster. Right now, contexts have no inherent order in the system, as our primary keys are UUIDs and row order is not enforced by SQLite or other databases; the context could change randomly if SQLite gets updated or the phase of the moon changes.

This likely should be implemented in two steps, specifically, implementation of URLs that bypass context selection and receiver selection and bring us directly to the upload page/proof of work. Those pages will have to be modified to clearly show the context and receiver that the submission is going to.

Once that's done, we should allow creation of short(er) URLs, possibly with the pre-existing URL simplifier that allows direct submission or allow receivers to select a default context.

There's also a (minor) security issue: as far as I know, we don't expose usernames anywhere else in the system. If the username is publicly known, it does reduce the amount of effort to successfully breach an account.

evilaliv3 commented 6 years ago

@NCommander: actually, Contexts can be sorted manually or alphabetically, and both possibilities are already implemented, but I agree with you that the "select first context available" would result in a disaster.

Actually, Contexts can be sorted manually or alphabetically, and both possibilities are already implemented, but I'm also convinced that in case this feature is implemented we will have to map the user link to a precise Context (eventually specific for the feature) or a user-selected context.

As for the username, I would not consider the link to be a security vulnerability, as a safe password policy is in place. @NCommander: as a clarification, the implementation that uses username+password for the login is only recent, but usernames have always been considered to be even public in the context of GlobaLeaks (https://secure.publeaks.nl/#/login) and we keep this feature available for those who are using it. On setups like these, usernames are listed (as they are generated systematically as equal to the user.id).
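Both replies above converge on resolving /$USERNAME through an explicit mapping rather than "first context available". The sketch below is an added example, not GlobaLeaks code: the schema, the `default_context_id` column and the `resolve_direct_submission` function are hypothetical, and the rows are constructed sample data. It refuses the request whenever the target context is ambiguous or stale.

```python
import sqlite3

# Hypothetical minimal schema, constructed for this example (not GlobaLeaks' own).
SCHEMA = """
CREATE TABLE context (id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE user (id TEXT PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                   default_context_id TEXT REFERENCES context(id));
CREATE TABLE receiver_context (user_id TEXT NOT NULL REFERENCES user(id),
                               context_id TEXT NOT NULL REFERENCES context(id),
                               PRIMARY KEY (user_id, context_id));
"""

def build_sample_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO context VALUES (?, ?)",
                   [("c-9f1", "Corruption"), ("c-2ab", "Harassment")])
    db.executemany("INSERT INTO user VALUES (?, ?, ?)",
                   [("u-1", "alice", "c-2ab"),   # explicit default, still a recipient
                    ("u-2", "bob", None),        # two contexts, no default chosen
                    ("u-3", "carol", None),      # exactly one context
                    ("u-4", "dave", "c-9f1")])   # default set, no longer a recipient
    db.executemany("INSERT INTO receiver_context VALUES (?, ?)",
                   [("u-1", "c-9f1"), ("u-1", "c-2ab"),
                    ("u-2", "c-9f1"), ("u-2", "c-2ab"),
                    ("u-3", "c-9f1")])
    return db

def resolve_direct_submission(db, username):
    """Return (context_id, context_name) for /$USERNAME, or None to refuse."""
    row = db.execute("SELECT id, default_context_id FROM user WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    user_id, default_ctx = row
    # ORDER BY keeps the result reproducible; the decision never depends on row order.
    contexts = db.execute(
        "SELECT c.id, c.name FROM receiver_context rc JOIN context c "
        "ON c.id = rc.context_id WHERE rc.user_id = ? ORDER BY c.id",
        (user_id,)).fetchall()
    if default_ctx is not None:
        # Honour the chosen default only while the user is still its recipient.
        match = [c for c in contexts if c[0] == default_ctx]
        return match[0] if match else None
    # No default chosen: accept only the unambiguous case, never "first row wins".
    return contexts[0] if len(contexts) == 1 else None
```

The returned context name is what the submission page would display so the whistleblower can see where the report is going.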