Page MenuHomePhabricator
Differential D9295

[keyserver] validate policies only for logged in users
ClosedPublic
Actions

Authored by kamil on Sep 26 2023, 3:49 AM.
Tags
None
Referenced Files
F2106766: D9295.id31611.diff
Tue, Jun 25, 8:43 AM
F2106765: D9295.id31420.diff
Tue, Jun 25, 8:43 AM
F2106742: D9295.id.diff
Tue, Jun 25, 8:42 AM
F2106701: D9295.diff
Tue, Jun 25, 8:38 AM
Unknown Object (File)
Wed, Jun 19, 8:49 PM
Unknown Object (File)
Wed, Jun 19, 8:49 PM
Unknown Object (File)
Wed, Jun 19, 8:48 PM
Unknown Object (File)
Tue, Jun 11, 5:14 PM
View All 57 Files
Subscribers
ashoat

Details

Reviewers
tomek
michal
Commits
rCOMM72c031ecd01d: [keyserver] validate policies only for logged in users
Summary

Fix for ENG-4978.

An alternative solution is running policiesReducer only when user is logged in to avoid setting flag in store, but changing this on keyserver seems more appropriate, as keyserver should've never throw policies_not_accepted for anonymous user.

Test Plan

Make sue policies work:

  • tested for live session
  • tested for logged in

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kamil created this revision.Sep 26 2023, 3:49 AM
kamil held this revision as a draft.
Herald added a subscriber: ashoat. · View Herald TranscriptSep 26 2023, 3:49 AM
Harbormaster completed remote builds in B22843: Diff 31420.Sep 26 2023, 4:07 AM
kamil published this revision for review.Sep 26 2023, 4:20 AM
tomek accepted this revision.Sep 26 2023, 7:53 AM

Is it valid to require policy acceptance only when a user is logged in? When a user isn't logged in, we don't allow them to do much, but I'm wondering, if from the legal perspective, we should require them to agree to something.

This revision is now accepted and ready to land.Sep 26 2023, 7:53 AM
kamil added a child revision: D9320: [lib] don't dispatch policy acknowledgment action when user is not logged in.Sep 28 2023, 8:27 AM
kamil added a comment.Oct 3 2023, 6:36 AM
In D9295#273224, @tomek wrote:

Is it valid to require policy acceptance only when a user is logged in? When a user isn't logged in, we don't allow them to do much, but I'm wondering, if from the legal perspective, we should require them to agree to something.

Can't find a comment right now, but I remember this was discussed and for logged-out users, we use only default data while returning something, don't allow to use of any features of Comm, and don't collect any sensitive data, so it was okay.
I think this could be reconsidered/consulted with legal specialists while working on policies service.

kamil added a reverting change: D9320: [lib] don't dispatch policy acknowledgment action when user is not logged in.Oct 3 2023, 6:38 AM
Closed by commit rCOMM72c031ecd01d: [keyserver] validate policies only for logged in users (authored by kamil). · Explain WhyOct 3 2023, 6:46 AM
This revision was automatically updated to reflect the committed changes.
kamil added a commit: rCOMM72c031ecd01d: [keyserver] validate policies only for logged in users.
kamil added a reverting change: rCOMMbc919fd2511d: [lib] don't dispatch policy acknowledgment action when user is not logged in.
kamil added a comment.Oct 3 2023, 6:48 AM

Related to: https://phab.comm.dev/D9295#274628
There is no reverting change, I've added the phrase Revert D[number] as part of the D9320 test plan and phabricator treated this as a reverting change for this diff 😳😳

Revision Contents
Changeset List

PathSize
keyserver/
src/
utils/
2 lines

Diff 31611

View Options

keyserver/src/utils/validation-utils.js

Loading...