
auth code handling

Open behindtext opened this issue 7 years ago • 2 comments

When zkserver is running with createpolicy = token, if a client attempts to either reuse an existing authentication code or use an incorrect auth code, the server exposes its identity and the client is stuck at the yes/no prompt for the server with the message "Could not create account: not allowed" after the client attempts to accept the server's keys.

The preferred behavior would be for the client to be returned to the original screen where they enter their username, nick, server, and auth code, so they can reattempt with a valid auth code. Also, the server should not expose its identity unless a valid auth code is entered.

behindtext, Dec 22 '17 15:12

The prompt at the bottom of the page should say F10 to exit.

I need to think about the token + identity bits because that is a chicken and egg problem.

marcopeereboom, Dec 22 '17 15:12

After fixing a bunch of issues in #100 this remains a side issue. We need protocol changes to enable a better flow of pre-session messages including proper error messages between client and server. This needs a redesign.

marcopeereboom, Dec 17 '18 22:12