Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only return email addresses in from appropriate RPCs #45

Closed
derrell opened this issue Jul 25, 2011 · 6 comments
Closed

Only return email addresses in from appropriate RPCs #45

derrell opened this issue Jul 25, 2011 · 6 comments
Assignees
@reedspool

Comments

@derrell
Copy link
Owner

derrell commented Jul 25, 2011

Currently, the mobile tag=all request is returning email addresses instead of (or in addition to) display names. Email addresses should never be returned except in the following two cases (I believe):

  • the RPC used by user management, which requires specific access privs
  • the whoAmI function, which returns details about the currently-logged-in user

Check everyplace that references ObjVisitors to be sure that the "id" field is not returned.
@ghost ghost assigned reedspool Jul 25, 2011
@reedspool
Copy link
Collaborator

The Owner field in ObjAppData refers to e-mail, the above makes it seem like this should not be the case? In every place that ObjAppData is queried, e-mail is exchanged for display name in a separate action.

@derrell
Copy link
Owner Author

derrell commented Jul 25, 2011

On Mon, Jul 25, 2011 at 15:52, reedspool <
reply@reply.github.com>wrote:

The Owner field in ObjAppData refers to e-mail, the above makes it seem
like this should not be the case? In every place that ObjAppData is queried,
e-mail is exchanged for display name in a separate action.

ObjAppData is at the backend. What is critical is that no RPC return email
addresses from ObjAppData or ObjVisitors, except for the very special
(currently) two. All other cases where email addresses are in the database,
the email address should be replaced with the displayName in the RPC result.

Derrell

@reedspool
Copy link
Collaborator

I'm going to write 2 functions in MVisitors.js which exchange displayName for email and vice-versa

@derrell
Copy link
Owner Author

derrell commented Jul 25, 2011

On Mon, Jul 25, 2011 at 16:09, reedspool <
reply@reply.github.com>wrote:

I'm going to write 2 functions in MVisitors.js which exchange displayName
for email and vice-versa

Sounds fine. Do we need the vice-versa? I suppose similar functionality is
already in use, for retrieving the ObjVisitors object given a display name,
so merging those seems reasonable.

Derrell

@reedspool
Copy link
Collaborator

Added 2 functions: MVisitors._getDisplayName(userId) and MVisitors._getVisitorId(displayName). They do what you would suppose them to do, returning displayName or email (using email interchangeably Visitor ID)

These functions are now in use in the Mobile client, and could be used to simplify a bunch of code in MApps.js which does the same.

@reedspool
Copy link
Collaborator

These functions are also regression tested

@derrell derrell closed this as completed Sep 24, 2011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@reedspool reedspool

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@derrell @reedspool