learn-ocaml
learn-ocaml copied to clipboard
ocaml-sf
Sync can spawn tokens
Hi,
On learnocaml_common.ml, I noticed let rec sync_save token save_file can actually create a new token if the Update_save returns an error (https://github.com/ocaml-sf/learn-ocaml/blob/master/src/app/learnocaml_common.ml#L439) - Is this the expected behaviour? Couldn't this lead to the accidental creation of tokens? \cc @yurug
Thanks!
Thank you @hannelita . This indeed looks like a weird way to handle errors!
I will investigate.
This is kind of historical: the original design was to use tokens as a means to recognise returning users, and not expected as a means of authentication. As in the early stages, and during development, the server could be restarted/reset quite often, this was to ensure that a user with an existing session, even if the server was reset, would be allowed in and transparently synchronised (using the browser data) using their old token.
I believe there may be a couple places where users can be auto-registered using their supplied token, if not found of the server (not for teacher tokens, of course, see #405). Using tokens as a means of authentication would mean tracking all such places. Maybe it could be a server option.
