search

kaloyan-raev / hello-storj

Demo app for integrating the libstorj native library in Android
GNU General Public License v3.0
5 stars 3 forks source link

Server-side validation of user credentials #12

Closed kaloyan-raev closed 6 years ago

kaloyan-raev commented 7 years ago

The Import Keys feature does not check if the provided credentials are actually valid on the Bridge.

The following 2-step validation should be done in addition to the current client-side validation:

  1. List buckets. -- if error code 200 or 304 is received then user and password match -- If error code 401 is received then user and password does not match -- in all other cases - unknown error
  2. Check if the listed buckets can be decrypted with the provided encryption key -- if at least one bucket is decrypted successfully then the encryption key is accepted as valid -- if none of the buckets can be decrypted then the encryption key is invalid -- if no buckets in the account - the encryption key is accepted as valid
kaloyan-raev commented 6 years ago

This is now available in v0.8.