fix: remove user credential from keyring #2627
Conversation
mslib/mscolab/file_manager.py
Outdated
| @@ -39,6 +39,8 @@ | |||
| from mslib.utils.verify_waypoint_data import verify_waypoint_data | |||
| from mslib.mscolab.models import db, Operation, Permission, User, Change, Message | |||
| from mslib.mscolab.conf import mscolab_settings | |||
| from mslib.utils.auth import del_password_from_keyring | |||
| from mslib.utils.config import config_loader | |||
There was a problem hiding this comment.
this won't work,
the config_loader belongs to.the MSUI and this is the application which is installed on the client side.
The server MSCOLAB is on some other location and of course has no idea about the passwords the user has in his machines keyring.
You need to lookup where in the MSUI the Delete Account is used and implement it nearby.
There was a problem hiding this comment.
This is one of three from the issue.
You need to extend the existing test to verify that the keyring is cleared, see
https://github.com/Open-MSS/MSS/blob/develop/tests/_test_msui/test_mscolab.py#L873
There can be another key/value pair in the keyring when the server has the login protected.
https://mss.readthedocs.io/en/stable/mscolab.html#protecting-login
The auth_username is configured in the users configuration and can be retrieved from there https://github.com/Open-MSS/MSS/blob/develop/mslib/utils/config.py#L208
you need a second delete for this, e.g. keyring del f"MSCOLAB_AUTH_{url}" MSCOLAB_auth_user_name
Purpose of PR?: User password is removed from keyring when account is deleted from MSColab.
Fixes #2624