Closed
Bug 1077328
Opened 10 years ago
Closed 10 years ago
Guest users should not be able to call FxA users direct
Categories
(Hello (Loop) :: Server, defect)
Hello (Loop)
Server
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: standard8, Assigned: rhubscher)
Details
(Whiteboard: [qa+])
Attachments
(1 file)
I've just confirmed this locally. As a guest user, I'm able to create a direct call to a signed-in FxA user via their email address. According to RT, this shouldn't be possible, as it creates the possibility to spam logged in users without being logged in.
|
||
Comment 1•10 years ago
|
||
That's correct, thanks for reporting!
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → rhubscher
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•10 years ago
|
||
Attachment #8500417 -
Flags: review?(tarek)
Attachment #8500417 -
Flags: review?(alexis+bugs)
|
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8500417 [details] [review] Link to GitHub PR. r+ing for me and tarek since he's off until wed.
Attachment #8500417 -
Flags: review?(tarek)
Attachment #8500417 -
Flags: review?(alexis+bugs)
Attachment #8500417 -
Flags: review+
|
|
||
Comment 4•10 years ago
|
||
https://github.com/mozilla-services/loop-server/commit/139b96474511560471bc998602459c6deb401698
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Whiteboard: [qa+]
|
|
||
Comment 5•10 years ago
|
||
Part of 0.12.4/0.12.5
You need to log in
before you can comment on or make changes to this bug.
Description
•