search

nwfsc-fram / boatnet

At-Sea Field Data Collection Software Components for Scientific Surveys and Observers
8 stars 5 forks source link

Deactivated account remains logged in if open when deactivated #1690

Closed ericbrasseur-NOAA closed 4 years ago

ericbrasseur-NOAA commented 4 years ago

My account showed deactivated when I attempted to log in from another device, however it remained active and usable on the device where I had left the application open and logged in. This is a huge security issue if we ever need to deactivate a user account.
Deactivation should automatically force the log out of all instances for the user deactivated.
Since offline use is possible as well, a method to block any updates from a user that started offline and who's account is deactivated should be established.

I am sure permit owners will fire captains and want to prevent them from making changes.

@neilriley-NOAA @sethgerou-noaa @scottleach-NOAA @johnlafargue-noaa

ghost commented 4 years ago

Addressed in https://github.com/nwfsc-fram/boatnet-module/pull/63