
Don't show personalized menu items until users establish a full session
Closed, Public

Authored by epriestley on Nov 28 2017, 1:59 AM.
Referenced Files
F14125258: D18793.diff
Sat, Nov 30, 7:54 AM

Details

Summary

Depends on D18792. Fixes T13024. Fixes T89198. Currently, when users are logging in initially (for example, need to enter MFA) we show more menu items than we should.

Notably, we may show some personalized/private account details, like the number of unread notifications (probably not relevant) or a user's saved queries (possibly sensitive). At best these are misleading (they won't work yet) and there's an outside possibility they leak a little bit of private data.

Instead, nuke everything except "Log Out" when users have partial sessions.

Test Plan

Hit a partial session (MFA required, email verification required) and looked at the menu. Only saw "Log Out".
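The gate described in the summary, as an added example that is not part of this revision and is not Phabricator's own code: the menu builder returns before any personalized lookup when the session is partial, so unread counts and saved queries are never fetched, not merely hidden. All class, function and item names are hypothetical, the data is constructed, and PHP 8.1 or later is assumed.

```php
<?php
// Added illustration; names are hypothetical, not Phabricator's API.

final class Session {
  public function __construct(
    public readonly string $user,
    public readonly bool $isPartial) {} // true until MFA / email verification is done
}

// Constructed stand-in for the per-user data store.
final class AccountData {
  public int $reads = 0; // counts private lookups so the gate can be checked
  public function unreadCount(string $user): int { $this->reads++; return 3; }
  public function savedQueries(string $user): array {
    $this->reads++;
    return ['Open security bugs', 'Assigned to me'];
  }
}

function buildUserMenu(?Session $session, AccountData $data): array {
  if ($session === null) {
    return ['Log In'];
  }
  // Fail closed: leave before touching any personalized data.
  if ($session->isPartial) {
    return ['Log Out'];
  }
  $items = ['Notifications (' . $data->unreadCount($session->user) . ')'];
  foreach ($data->savedQueries($session->user) as $name) {
    $items[] = 'Query: ' . $name;
  }
  array_push($items, 'Settings', 'Log Out');
  return $items;
}

$data = new AccountData();
$partial = buildUserMenu(new Session('alice', true), $data);
if ($partial !== ['Log Out'] || $data->reads !== 0) {
  throw new RuntimeException('partial session reached private data');
}
$full = buildUserMenu(new Session('alice', false), $data);
if (count($full) !== 5 || $data->reads !== 2) {
  throw new RuntimeException('full session menu is incomplete');
}
echo implode(' | ', $partial), "\n", implode(' | ', $full), "\n";
```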


Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable