Consider returning email in search results for authenticated users

RESOLVED FIXED

Status

RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: mjschranz, Unassigned)

Tracking

Details

(Reporter)

Description

6 years ago
While testing Scott's patch for searching by email I was puzzled at first that I wasn't getting email in the results before remembering the patch I landed. Then it hit me, how can I easily know from the consumers perspective( our apps ) that it is returning the correct data when filtering on email?

I think for security reasons we definitely want it turned off by default, but it seems sane to me that authenticated users should be able to see the email in the results that come back.

Thoughts?
Flags: needinfo?(swex)
Flags: needinfo?(scott)
Flags: needinfo?(jon)
Flags: needinfo?(david.humphrey)
Flags: needinfo?(chris)
Hm, why do you ever need the email returned?

Do you need to confirm the data you requested is in fact the data you requested? Is there a reason it would not be the user's data?

I think this is why searching on email needs to be possible while searching something else, because you cannot go back over the data and search again.

It does sound reasonable to return the email to authenticated users if we have a reason to do so.
Flags: needinfo?(scott)
-1 to getting emails back. 

I would personally prefer not to have my email being turned up in other peoples search results. 

I see no reason that authenticated or anonymous requests to the api would ever need to get the email address of the creator. IMHO, it should be a webmaker username and not an email.
Flags: needinfo?(chris)

Comment 3

6 years ago
Yeah, Chris is spot on. Arguably, the MakeAPI shouldn't even store email addresses; it should store some webmaker user id.
Flags: needinfo?(jon)
(Reporter)

Comment 4

6 years ago
Webmaker user id is too specific. In an ideal world the schema should support makes that aren't coming from our tools.
Can you not sanitize things for the public (i.e., from browser) case, and leave this in for the internal, basic auth case (i.e., from one of our node apps)?  Just strip the email when you had it out to the public.
Flags: needinfo?(david.humphrey)
With usernames in place this feels resolved.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Reporter)

Updated

5 years ago
Flags: needinfo?(swex)
You need to log in before you can comment on or make changes to this bug.