Page MenuHomePhabricator

[keyserver] validate policies only for logged in users
ClosedPublic

Authored by kamil on Sep 26 2023, 3:49 AM.
Tags
None
Referenced Files
F3761213: D9295.id31611.diff
Fri, Jan 10, 2:49 PM
F3761212: D9295.id31420.diff
Fri, Jan 10, 2:49 PM
F3760918: D9295.id.diff
Fri, Jan 10, 2:23 PM
Unknown Object (File)
Fri, Jan 10, 9:02 AM
Unknown Object (File)
Thu, Dec 26, 7:15 PM
Unknown Object (File)
Tue, Dec 24, 8:46 PM
Unknown Object (File)
Tue, Dec 24, 9:17 AM
Unknown Object (File)
Dec 9 2024, 6:29 PM
Subscribers

Details

Summary

Fix for ENG-4978.

An alternative solution is running policiesReducer only when user is logged in to avoid setting flag in store, but changing this on keyserver seems more appropriate, as keyserver should've never throw policies_not_accepted for anonymous user.

Test Plan

Make sue policies work:

  • tested for live session
  • tested for logged in

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kamil held this revision as a draft.
kamil published this revision for review.Sep 26 2023, 4:20 AM

Is it valid to require policy acceptance only when a user is logged in? When a user isn't logged in, we don't allow them to do much, but I'm wondering, if from the legal perspective, we should require them to agree to something.

This revision is now accepted and ready to land.Sep 26 2023, 7:53 AM
In D9295#273224, @tomek wrote:

Is it valid to require policy acceptance only when a user is logged in? When a user isn't logged in, we don't allow them to do much, but I'm wondering, if from the legal perspective, we should require them to agree to something.

Can't find a comment right now, but I remember this was discussed and for logged-out users, we use only default data while returning something, don't allow to use of any features of Comm, and don't collect any sensitive data, so it was okay.
I think this could be reconsidered/consulted with legal specialists while working on policies service.

Related to: https://phab.comm.dev/D9295#274628
There is no reverting change, I've added the phrase Revert D[number] as part of the D9320 test plan and phabricator treated this as a reverting change for this diff 😳😳