Previously when a secret is created , only one authenticated token is created. So when the secret is viewed by the recipient , the same authentication token is used to validate the user. This leads to identify recipient as the sender for future secret creations.
Fix
Now when creating a new secret, (for the first time), 2 authentication tokens are creating for both sender and recipient and authentication is done through them.
New workflow
Creating the secret for the first time
when entering both sender and receiver
Auth token is created for sender
Auth token is created for receiver
Empty secret is created
when entering only the sender
Auth token is created for sender
here on, both users will be authorized by their own tokens
NOTE
4 request specs are currently failing due to js validations are failing. I've checked them as a normal user and they all work in the app itself. its just that , capybara + rspec + js issue. I'll have a look whats going with them.
Issue
Previously when a secret is created , only one authenticated token is created. So when the secret is viewed by the recipient , the same authentication token is used to validate the user. This leads to identify recipient as the sender for future secret creations.
Fix
Now when creating a new secret, (for the first time), 2 authentication tokens are creating for both sender and recipient and authentication is done through them.
New workflow
Creating the secret for the first time
when entering both sender and receiver
when entering only the sender
here on, both users will be authorized by their own tokens
NOTE
4 request specs are currently failing due to
js
validations are failing. I've checked them as a normal user and they all work in the app itself. its just that ,capybara + rspec + js
issue. I'll have a look whats going with them.