Security: Clear clipboard on logout and when privileges change #3512

Closed
lastzero opened this issue Jun 30, 2023 · 2 comments
Labels: enhancement (Enhancement or improvement of an existing feature), released (Available in the stable release), security (Impact on server or browser security), ux (Impacts User Experience)

Comments

@lastzero (Member) commented Jun 30, 2023

As a user who shares his/her browser with other users or uses multiple accounts with different permissions, I want all local storage to be cleared when I log out or switch accounts so that random entity UIDs are not leaked.

When you clear the entire local storage, the search sort order, view type, and expanded navigation state are also reset. So this might not please all users. Changes therefore require UX testing. Alternatively, it would be possible to delete only the clipboard contents and leave the rest intact.

This is related to the following report:

lastzero added the enhancement, ux and security labels Jun 30, 2023
lastzero self-assigned this Jun 30, 2023
lastzero moved this to Development 🐝 in Roadmap 🚀✨ Jun 30, 2023
lastzero changed the title from "Auth: Ensure that all local storage is cleared when a user logs out" to "Auth: Ensure that local storage is cleared when a user logs out" Jun 30, 2023
lastzero added the in-progress (Somebody is working on this) label Jul 14, 2023
lastzero added a commit that referenced this issue Jul 14, 2023
Signed-off-by: Michael Mayer <michael@photoprism.app>
lastzero changed the title from "Auth: Ensure that local storage is cleared when a user logs out" to "Security: Clear clipboard on logout and when privileges change" Jul 14, 2023
lastzero added the please-test (Ready for acceptance test) label and removed the in-progress (Somebody is working on this) label Jul 14, 2023
@lastzero (Member, Author) commented

@CodazziS An updated development preview build will be available for testing soon.

lastzero moved this from Development 🐝 to Preview 🐳 in Roadmap 🚀✨ Jul 14, 2023
lastzero added a commit that referenced this issue Jul 18, 2023
Signed-off-by: Michael Mayer <michael@photoprism.app>
lastzero added a commit that referenced this issue Jul 18, 2023
Signed-off-by: Michael Mayer <michael@photoprism.app>
lastzero moved this from Preview 🐳 to Released 🌈 in Roadmap 🚀✨ Jul 19, 2023
lastzero added the released (Available in the stable release) label and removed the please-test (Ready for acceptance test) label Jul 19, 2023
@CodazziS commented

Tested today, working fine.

Thank you for the quick fix.

graciousgrey added a commit that referenced this issue Jul 24, 2023
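
The narrower option raised in this issue (remove only the clipboard and leave sort order, view type and navigation state intact), applied on logout and whenever the signed-in account or its role changes. This is an added example, not PhotoPrism's code; the storage key names, the shape of the user object and the `MemoryStorage` stand-in for `window.localStorage` are assumptions.

```javascript
// Added example. Key names and the user object shape are hypothetical,
// not PhotoPrism's actual storage layout.
const CLIPBOARD_KEY = "clipboard";       // assumed: JSON array of selected entity UIDs
const IDENTITY_KEY = "session.identity"; // assumed: "userId:role" of the last login

// Minimal stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

function identityOf(user) {
  return user ? `${user.id}:${user.role}` : "";
}

// Call after every login or session refresh. If the stored identity is missing
// or differs from the current one (other account, or same account with a
// different role), the clipboard is dropped before the new session can read it.
// Returns true when the identity changed.
function onSessionChange(storage, user) {
  const current = identityOf(user);
  const changed = storage.getItem(IDENTITY_KEY) !== current;
  if (changed) {
    storage.removeItem(CLIPBOARD_KEY);
  }
  storage.setItem(IDENTITY_KEY, current);
  return changed;
}

// Call on logout. Only session-scoped keys are removed; UI preferences stay.
function onLogout(storage) {
  storage.removeItem(CLIPBOARD_KEY);
  storage.removeItem(IDENTITY_KEY);
}

// Constructed walk-through: an admin selects items, then a viewer signs in.
const store = new MemoryStorage();
store.setItem("view.type", "cards"); // a UI preference that must survive
onSessionChange(store, { id: "u1", role: "admin" });
store.setItem(CLIPBOARD_KEY, JSON.stringify(["uid-constructed-1"]));
onSessionChange(store, { id: "u2", role: "viewer" });
console.log(store.getItem(CLIPBOARD_KEY), store.getItem("view.type"));
```

Comparing against a stored identity marker, rather than relying on the logout handler alone, also covers sessions that end without an explicit logout, such as an expired token followed by a different user signing in.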