Page MenuHomePhabricator
Differential D5626

Display an alert when sensitive data are purged
ClosedPublic
Actions

Authored by marcin on Nov 14 2022, 2:44 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jul 5, 8:50 PM
Unknown Object (File)
Fri, Jul 5, 4:05 PM
Unknown Object (File)
Fri, Jul 5, 11:15 AM
Unknown Object (File)
Tue, Jul 2, 10:07 AM
Unknown Object (File)
Sun, Jun 30, 6:45 AM
Unknown Object (File)
Wed, Jun 26, 9:59 PM
Unknown Object (File)
Wed, Jun 26, 9:59 PM
Unknown Object (File)
Wed, Jun 26, 9:59 PM
View All Files
Subscribers
abosh
tomek

Details

Reviewers
atul
ashoat
Commits
rCOMMa78143ad03b0: Display an alert when sensitive data are purged
Summary

This differential alerts: developer, staff members and users on a staff release when sensitive data (currently database and data in secure store) are removed due to change in credentials of currently logged-in user.

Test Plan

Build the app, log out, create new account then delete it. in both cases the alert should be displayed.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

marcin created this revision.Nov 14 2022, 2:44 AM
Herald added subscribers: abosh, tomek. · View Herald TranscriptNov 14 2022, 2:44 AM
marcin added a comment.EditedNov 14 2022, 2:45 AM

Added @ashoat since this diff involves text displayed to the user.

Harbormaster completed remote builds in B13420: Diff 18406.Nov 14 2022, 2:57 AM
marcin requested review of this revision.Nov 14 2022, 2:57 AM
ashoat requested changes to this revision.Nov 14 2022, 6:42 AM
ashoat added inline comments.
native/data/sqlite-context-provider.js
48 ↗(On Diff #18406)

If the user is now logged out, won't this be false on prod? I think we should also check staffUserHasBeenLoggedIn, as indicated in my comment on the task.

Separately, I wonder if we should be checking staffUserHasBeenLoggedIn for the other Alerts in this file... @atul, what do you think?

50–51 ↗(On Diff #18406)

Let's be more clear

This revision now requires changes to proceed.Nov 14 2022, 6:42 AM
marcin updated this revision to Diff 18478.Nov 16 2022, 6:46 AM

Make alert text more explicit. Add staffUserHasBeenLoggedIn to condition

Harbormaster completed remote builds in B13479: Diff 18478.Nov 16 2022, 6:59 AM
ashoat accepted this revision.Nov 16 2022, 7:30 PM
ashoat added 1 blocking reviewer(s): atul.

Looks good to me, but want to make sure @atul takes a look also

atul accepted this revision.Nov 17 2022, 9:52 AM

Looks good to me. Should we maybe have a separate Alert.alert(...) before the call to commCoreModule.clearSensitiveData() just in case it throws an exception and the current Alert.alert(...) is skipped?

native/data/sqlite-context-provider.js
51 ↗(On Diff #18478)

Ah TIL you can pass two strings to Alert.alert(...) and set the title and contents separately. I've just been setting the title this whole time without thinking... that's good to know.

This revision is now accepted and ready to land.Nov 17 2022, 9:52 AM
marcin updated this revision to Diff 18558.Nov 18 2022, 12:24 AM

Rebase before landing

Harbormaster failed remote builds in B13540: Diff 18558!Nov 18 2022, 12:36 AM
marcin added a comment.Nov 18 2022, 12:40 AM

Should we maybe have a separate Alert.alert(...) before the call to commCoreModule.clearSensitiveData() just in case it throws an exception and the current Alert.alert(...) is skipped?

That is a good question. I was hesitating between having an alert before or after `clearSensitiveData fires, but tbh I didn't consider having both. On one hand this alert is displayed exclusively to staff members who expect clearSensitiveData to fire in the case of log out or account deletion. So when user performs one of those actions and the alert doesn't show up we know something has gone wrong. On the other something might have gone wrong before we even started clearSensitiveData. Therefore when this alert doesn't show up leaves us with two questions: 1) did clearSensitiveData failed or sth else? 2) If clearSensitiveData then why. Having two alerts: one before and the other after gives us explicit answer to 1) and leave only with 2). That said I will introduce both alerts. If my reasoning is wrong then the change is simple to revert.

marcin updated this revision to Diff 18559.Nov 18 2022, 12:54 AM

Add additional alert before SQLite deletion fires

Harbormaster completed remote builds in B13541: Diff 18559.Nov 18 2022, 1:08 AM
marcin requested review of this revision.Nov 18 2022, 8:44 AM

Re-requesting review since changes are small but important since they involve text displayed to the user.

ashoat resigned from this revision.Nov 18 2022, 12:39 PM
atul accepted this revision.Nov 18 2022, 1:36 PM
This revision is now accepted and ready to land.Nov 18 2022, 1:36 PM
atul retitled this revision from Display and alert when sensitive data are purged to Display an alert when sensitive data are purged.Nov 18 2022, 1:36 PM
marcin updated this revision to Diff 18667.Nov 21 2022, 5:38 AM

Rebase before landing

Harbormaster completed remote builds in B13625: Diff 18667.Nov 21 2022, 5:52 AM
Closed by commit rCOMMa78143ad03b0: Display an alert when sensitive data are purged (authored by marcin). · Explain WhyNov 21 2022, 5:53 AM
This revision was automatically updated to reflect the committed changes.
marcin added a commit: rCOMMa78143ad03b0: Display an alert when sensitive data are purged.

Revision Contents
Changeset List

PathSize
native/
data/
13 lines

Diff 18671

View Options

native/data/sqlite-context-provider.js

Loading...