Correctly handle asynchronicity #81

Open
stefnotch opened this issue Oct 11, 2022 · 2 comments
@stefnotch
Collaborator

This has a bug, can you spot it?

```ts
async function setUserStore(newUser: User | null) {
  console.log("Updating user state", newUser);
  user.value = newUser;
  if (newUser) {
    const fetchedProfile = await useProfileService().fetchProfile(newUser);
    setProfileStore(fetchedProfile);
  } else {
    setProfileStore({});
  }
}
```

Bug:
When the user changes very quickly, and Supabase's response times are slow, then this can happen:

  • User changes to Jane
  • We start fetching the profile (!!!)
  • Jane logs out, thus the user changes to null
  • We set the profile to empty
  • Supabase returns the profile that we tried to fetch a while ago... and now we have a logged-out user, with the profile of Jane
@sueszli
Member

sueszli commented Oct 15, 2022

Dang - this is an actual vulnerability (although not much harm could be done by logging users out randomly I suppose - except denial of service in a way).

@stefnotch
Collaborator Author

I think since it's all client side, it's not much of a vulnerability.
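
One way to close the race described in the issue, as an added example that is not part of the original thread or the project's code: tag each call with a generation counter and drop any profile response that arrives after the user has changed again. `createUserStore`, `dropStale`, `replayIssueScenario` and the plain `state` object are hypothetical stand-ins for the project's store and profile service.

```typescript
// Added example: stand-in types and store, not the project's own code.
type User = { id: string };
type Profile = { displayName?: string };
type FetchProfile = (user: User) => Promise<Profile>;

function createUserStore(fetchProfile: FetchProfile, dropStale = true) {
  const state: { user: User | null; profile: Profile } = { user: null, profile: {} };
  let generation = 0; // incremented on every user change

  async function setUserStore(newUser: User | null): Promise<void> {
    const myGeneration = ++generation;
    state.user = newUser;
    if (!newUser) {
      state.profile = {};
      return;
    }
    const fetchedProfile = await fetchProfile(newUser);
    // The user changed again while the fetch was in flight: this response
    // belongs to an earlier session and must not be written to the store.
    if (dropStale && myGeneration !== generation) return;
    state.profile = fetchedProfile;
  }

  return { state, setUserStore };
}

// Replays the sequence from the issue with a constructed fetch that only
// completes when release() is called, i.e. after the logout was processed.
async function replayIssueScenario(dropStale: boolean) {
  let release: (profile: Profile) => void = () => {};
  const slowFetch: FetchProfile = () =>
    new Promise<Profile>((resolve) => { release = resolve; });
  const store = createUserStore(slowFetch, dropStale);

  const login = store.setUserStore({ id: "jane" }); // fetch starts, stays pending
  const logout = store.setUserStore(null);          // Jane logs out
  release({ displayName: "Jane" });                 // late response arrives
  await Promise.all([login, logout]);
  return store.state;
}

replayIssueScenario(false).then((s) => console.log("unguarded:", JSON.stringify(s)));
replayIssueScenario(true).then((s) => console.log("guarded:  ", JSON.stringify(s)));
```

With `dropStale` set to `false` the store behaves like the function in the issue and ends up with no user but Jane's profile; with the guard enabled the late response is discarded.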
