Internal user notes #6

davidism · 2016-07-11T19:41:36Z

Add comments to each user, possibly referencing a specific message for context.

kms70847 · 2016-08-03T13:21:05Z

Who should have the ability to read these user notes? Who should have the ability to create/edit these user notes?

I'm imagining that the primary method of access here is through a user script that adds these notes to the box that appears when you click on a user's name in the chat room, possibly popping out to a larger panel if there's a lot of data.

But if we do that, then it's not clear to me how we'd restrict access to only trusted users. The source code of both the user script and the server would be accessible to anyone looking at this repository. That allows attackers to thwart simple forms of authentication like "tell the server your user id", since they have full control over their own client's behavior and can easily impersonate others.

davidism · 2016-08-03T13:53:59Z

As discussed in chat:

Generate a token: https://pythonhosted.org/itsdangerous/
If the userscript can't find the token, ask the user to enter one
Requests send this token as a header
Server checks if the token is valid

… Notes"

davidism mentioned this issue Jul 11, 2016

Internal user flags #7

Open

kms70847 added a commit that referenced this issue Jul 25, 2016

Create new command "!join" which tries to get Terry to join room #6.

8cb5b22

kms70847 self-assigned this Aug 5, 2016

kms70847 added a commit that referenced this issue Aug 11, 2016

Initial not-quite-working implementation for Issue #6, "Internal User…

7bb7d03

… Notes"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Internal user notes #6

Internal user notes #6

davidism commented Jul 11, 2016

kms70847 commented Aug 3, 2016

davidism commented Aug 3, 2016

Internal user notes #6

Internal user notes #6

Comments

davidism commented Jul 11, 2016

kms70847 commented Aug 3, 2016

davidism commented Aug 3, 2016