jbphet
commented
1 year ago Since this is likely to be a fairly significant effort, I'll put it on the project backlog and request time for it in an upcoming sprint.
Open jbphet opened 1 year ago
jbphet
commented
1 year ago Since this is likely to be a fairly significant effort, I'll put it on the project backlog and request time for it in an upcoming sprint.
jbphet
commented
1 year ago This was chosen as an item for the current sprint, so I'm assigning it to myself and starting on it.
jbphet
commented
1 year ago After further review, there are higher priority issues that should be addressed in Rosetta before tackling this, specifically some problems that have been recently reported by translators. I'm going to remove the high priority label, but leave the issue assigned to me.
While working with me on https://github.com/phetsims/rosetta/issues/412 @mattpen observed that the Rosetta client code isn't checking login status on page navigations. He said that it should. The issue also relates to how a publication request can be sent to the server with bogus user ID information, probably because the user's session has timed out.
For security reasons, we should probably improve Rosetta's behavior such that it does check login info on a page navigation and on publish requests and, if a user's session has expired, prompt them to re-enter their login credentials before allowing the request.