search

reinteractive / secretlink

TopSekr.it - Share with impunity
https://topsekr.it/
Other
4 stars 0 forks source link

Fix sharing same authentication token between sender and recipient #29

Closed sameera207 closed 8 years ago

sameera207 commented 8 years ago

Issue

Previously when a secret is created , only one authenticated token is created. So when the secret is viewed by the recipient , the same authentication token is used to validate the user. This leads to identify recipient as the sender for future secret creations.

Fix

Now when creating a new secret, (for the first time), 2 authentication tokens are creating for both sender and recipient and authentication is done through them.

New workflow

Creating the secret for the first time

when entering both sender and receiver

when entering only the sender

here on, both users will be authorized by their own tokens

NOTE

4 request specs are currently failing due to js validations are failing. I've checked them as a normal user and they all work in the app itself. its just that , capybara + rspec + js issue. I'll have a look whats going with them.

sameera207 commented 8 years ago

@ralovely , for this Friday PD ... :smile: