piercy / BeatFollowerPlugin

A BeatSaber plugin for keeping track of your in-game activities and recommending maps to other people.
https://www.beatfollower.com

Name on BF not changing when changed on Twitch #23

Closed 0x0verflow closed 4 years ago

0x0verflow commented 4 years ago

When changing my name on Twitch, my name isn't changing on BeatFollower. I tried logging out and logging in, still the same problem.

Maybe you could have a look at it as I'm not able to create a fork of the website.

piercy commented 4 years ago

Hi @0x0verflow, I'll take a look. Can you tell me what your name was, and what you changed it to?

0x0verflow commented 4 years ago

My current URL is: https://www.beatfollower.com/profile/redpix1

But I think you have a much bigger problem. I tried to fix the whole thing by myself by just sending a request with the data I wanted, but it timed out: Insomnia screenshot

Just as every time I tried it in a browser (which actually seems to depend on CORS).

Maybe you could make the website open-source, too, then I could create a fork and fix this stuff, as I think there is even an IDOR (which I didn't test for legal reasons) in this request (see: "staff" and "isMember").

piercy commented 4 years ago

Hi, yeah, I'll look into changing the names. It's an interesting issue, as I'd need to work out what to do about all the activities and recommendations you've already made (if you have any..). It isn't as simple as just changing the name (albeit, maybe it should be that simple, food for thought for me..).

Regarding the other stuff you mentioned. The timeout is either you calling it in an incorrect way, or a bug with me not returning correctly (I just fixed a bug on this /user/update that wasn't returning). I need to handle some of the responses better, which is why the API isn't really open to the public yet (but with the correct call, you could call them yourself). You won't be able to update this information just by sending that request though; there are very few fields that /user/update accepts, and the ones it does are a non-concern. I'm lazy with how the front end sends data, so not all the fields sent are used. Most of the data comes from me calling Twitch, not from what the browser passes to me, so just calling update won't update your name. There will be a public API one day, and when that happens there will be documentation people can use to make sure they have things correct.

Regarding IDOR, any IDs you find (which is unlikely but always possible) are going to be irrelevant as we don't update using these (as mentioned above, we update from Twitch, not from user input), and all data on BF is public, so there's nothing to be gained from just viewing it.

Staff isn't used, it was an idea I had and hastily implemented.. I've decided against that approach and am going down a different route. It's still there as I haven't got round to working on the other route yet, but when I do, it will be removed. Currently, I think staff shows a small badge on your profile, but it doesn't actually have any special powers or features (and never did).

isMember is just whether a user is registered or not on BF. When you search for someone who doesn't exist, it's supposed to show their profile (currently bugged) with a message that says, "they aren't on BF maybe you should recommend it to them?". It doesn't do much other than that. It basically confirms that a user is on Twitch and not on BF.

The website will one day go open source, but for now it will remain closed. I still have many things i want to do with it before its ready for open source status.

Some additional information, as you seem like-minded. Security-wise, there is nothing stored on BF that you cannot see on the front end. I don't store passwords, tokens or any other security information. This is all handled by Twitch and I made sure to stay well out of the way on it.
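
The handling described in the comment above (server-owned fields ignored, name taken from Twitch, record chosen by the session), sketched as an added example that is not part of the thread or BeatFollower's code. Only `staff` and `isMember` come from the thread; `bio`, `showActivity`, the record layout and the provider lookup are assumptions.

```python
# Added example; not BeatFollower code. Only "staff" and "isMember" come from
# the thread. "bio", "showActivity" and the record layout are assumptions.

CLIENT_WRITABLE = {"bio", "showActivity"}           # assumed user-editable fields
SERVER_OWNED = {"id", "name", "staff", "isMember"}  # never taken from the body


def apply_update(stored, body, session_user_id, provider):
    """Apply a profile update; return (new_record, tampered_fields).

    The target record is selected by the authenticated session, not by an id
    in the request body, so the body cannot redirect the write to another user.
    """
    current = stored[session_user_id]
    record = dict(current)
    tampered = []
    for key, value in body.items():
        if key in CLIENT_WRITABLE:
            record[key] = value
        elif key in SERVER_OWNED and current.get(key) != value:
            # A front end that echoes the whole profile sends these fields
            # unchanged; a differing value is the signal worth logging.
            tampered.append(key)
        # Everything else (unknown keys, unchanged server-owned keys) is dropped.
    # The display name always comes from the identity provider lookup.
    record["name"] = provider[session_user_id]["name"]
    return record, sorted(tampered)


# Constructed sample data.
STORED = {"1": {"id": "1", "name": "old_name", "staff": False,
                "isMember": True, "bio": ""}}
PROVIDER = {"1": {"name": "new_name"}}   # stand-in for the Twitch lookup
REQUEST_BODY = {"id": "2", "name": "old_name", "staff": True,
                "isMember": True, "bio": "hello", "role": "admin"}

if __name__ == "__main__":
    print(apply_update(STORED, REQUEST_BODY, "1", PROVIDER))
```
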

piercy commented 4 years ago

I've resolved this, and the next version will now update your Twitch name if it changes. It's worth noting that the Twitch update happens periodically, so there might be a small amount of time where it's out of sync. But it should fix itself within 24 hours.

I'm hoping to release the next version within the next week (maybe the weekend but have to see).

0x0verflow commented 4 years ago

Ok, great. I've found another problem, but I'll open another Issue for that. (#26) Thanks for fixing!

piercy commented 4 years ago

Reopening as there's still an issue with this; it's changed your name, but not your profile link (not sure why that would be, but I'll investigate). I've fixed yours manually for now.

Edit: Note to self, need to update the LC value as only one is being updated atm.

piercy commented 4 years ago

think I've fixed