Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for clock skew on login #1236

Closed
wants to merge 1 commit into from
Closed

Check for clock skew on login #1236

wants to merge 1 commit into from

Conversation

jamesrisberg
Copy link
Contributor

PR Requirements

If you have made any visual changes to the GUI. Make sure you have:

  • Tested on iOS Tablet
  • Tested on small Android
  • n/a

Subtask of https://app.asana.com/0/361770107085503/838231819659034/f

paullinator
paullinator requested changes Feb 19, 2019
View reviewed changes
Copy link
Member

@paullinator paullinator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments

ios/edge/Info.plist
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't believe this will work in production apps as Apple is strict about https

src/modules/Login/action.js
// Check clock skew against atomic time
try {
const remoteTime = await fetch('http://worldtimeapi.org/api/timezone/Etc/GMT')
const body = await remoteTime.json()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not put a blocking network call in initAccount as this can slow down login times for users. This should run in the background and throw a modal once complete.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, we should probably have this at app startup time instead of initAccount as the user might not be able to login at all. This would entail moving almost the entire PR to the edge-login-ui repo which is a good idea so SDK partners get it as well.

@swansontec swansontec mentioned this pull request May 11, 2020
Open
@peachbits peachbits closed this May 11, 2020
@thehobbit85 thehobbit85 deleted the james/checkClockSkewOnLogin branch October 26, 2020 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paullinator paullinator paullinator requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jamesrisberg @paullinator @peachbits