Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not store connection passwords in local storage before receiving neo4j config #1219

Merged
merged 1 commit into from
Oct 16, 2020
Merged

Do not store connection passwords in local storage before receiving neo4j config #1219

merged 1 commit into from
Oct 16, 2020

Conversation

HerrEmil
Copy link
Contributor

Passwords are temporarily stored in local storage between connecting and receiving the config even if the browser.retain_connection_credentials neo4j config flag is false. To avoid storing passwords in localstorage unless the config flag is true, this PR changes three things:

  • The default value for the flag in redux store is now false
  • The store selector returns false if the flag is null or undefined
  • The local storage middleware checks the flag before saving to storage and replaces all passwords with an empty string unless the flag is true.

@HerrEmil HerrEmil added the bug label Oct 15, 2020
jk05
jk05 reviewed Oct 16, 2020
View reviewed changes
src/shared/services/localstorage.ts
@@ -18,13 +18,15 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

import { dehydrate } from 'services/duckUtils'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this not needed here now?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The matching hydrate code that adds a flag on redux states is never called in current version, so it should be safe to never call dehydrate to remove the flag. As far as I can see, it is safe to remove the hydrate/dehydrate functions completely, they seem to only be used in their test cases. But I left them in this PR to not have a large diff to review.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I wasnt sure what it does really.

oskarhane
oskarhane approved these changes Oct 16, 2020
View reviewed changes
Copy link
Member

@oskarhane oskarhane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done, seems to work as expected 🏑

@HerrEmil HerrEmil merged commit 7cf6f15 into neo4j:master Oct 16, 2020
@HerrEmil HerrEmil deleted the fix/respect-retain_connection_credentials-false branch October 16, 2020 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jk05 jk05 jk05 left review comments

@oskarhane oskarhane oskarhane approved these changes

@OskarDamkjaer OskarDamkjaer Awaiting requested review from OskarDamkjaer

Assignees
No one assigned
Labels
bug changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@HerrEmil @oskarhane @jk05 @OskarDamkjaer