Separate password caches for WebUI and IMAP (Trac #1910)

Open str4d opened this issue 8 years ago • 1 comments

The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.

The password cache system should be extended with independent authentication contexts.

Migrated from https://trac.i2p2.de/ticket/1910

{
    "status": "assigned", 
    "changetime": "2017-01-17T12:48:22", 
    "description": "The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.\n\nThe password cache system should be extended with independent authentication contexts.", 
    "reporter": "str4d", 
    "cc": "", 
    "resolution": "", 
    "_ts": "1484657302682027", 
    "component": "apps/plugins", 
    "summary": "Separate password caches for I2P-Bote WebUI and IMAP", 
    "priority": "minor", 
    "keywords": "I2P-Bote security", 
    "version": "0.9.28", 
    "parents": "", 
    "time": "2017-01-03T18:20:23", 
    "milestone": "undecided", 
    "owner": "str4d", 
    "type": "defect"
}

Apr 16 '17 23:04 str4d

Trac update at 20170117T12:48:22:

zzz changed owner from "" to "str4d"
zzz changed status from "new" to "assigned"
zzz changed version from "" to "0.9.28"

Apr 17 '17 11:04 str4d