invite code allows too many uses

ssbc / ssb-server

The gossip and replication server for Secure Scuttlebutt - a distributed social network

1.69k stars 164 forks source link

invite code allows too many uses #72

Closed pfrazee closed 9 years ago

pfrazee commented 9 years ago

two bugs with invite code use

one user can use an invite code multiple times. we should check if sbot is already following and, if so, return success without actually using the code
i created an invite code with 1 use, but it's allowed me to use it multiple times. not sure why

dominictarr commented 9 years ago

are you testing this manually or in a script? I admit there may be a racecondition if you request invites really fast... hmm, that is an attack vector that should be plugged.

pfrazee commented 9 years ago

manually in the phoenix ui

dominictarr commented 9 years ago

okay that shouldn't happen. I guess we should have a way to check how many follows have been used, too.