feat: withdraw all QR codes when one is withdrawn #7176
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This is needed for #7140 Most users likely don't know anyway that they can reset individual QR codes by scanning their own QR codes. Original idea was that you can print QR codes and then enable/disable them separately, but there is no overview of it anyway and this is not how invite links work in other messengers where there is usually only one invite link and it is even shared between all members so one inviter resetting a link invalidates it for everyone. I also thought about getting rid of withdrawing QR codes completely and having a dedicated "reset invite link" API, but the advantage of the solution in this PR is that no UI changes are needed. |
link2xt
force-pushed
the
link2xt/rxxzowrsykzw
branch
from
f5cb0f5 to
fc6b510
Compare
|
Added some test. |
link2xt
force-pushed
the
link2xt/rxxzowrsykzw
branch
from
fc6b510 to
194673b
Compare
This was referenced Sep 4, 2025
link2xt
force-pushed
the
link2xt/rxxzowrsykzw
branch
from
194673b to
ae89dcc
Compare
iequidoo
approved these changes
Sep 5, 2025
link2xt
force-pushed
the
link2xt/rxxzowrsykzw
branch
from
ae89dcc to
61ba228
Compare
This is a preparation for expiring authentication tokens. If we make authentication token expire, we need to generate new authentication tokens each time QR code screen is opened in the UI, so authentication token is fresh. We however don't want to completely invalidate old authentication codes at the same time, e.g. they should still be valid for joining groups, just not result in a verification on the inviter side. Since a group now can have a lot of authentication tokens, it is easy to lose track of them without any way to remove them as they are not displayed anywhere in the UI. As a solution, we now remove all tokens corresponding to a group ID when one token is withdrawn, or all non-group tokens when a single non-group token is withdrawn. "Reset QR code" option already present in the UI which works by resetting current QR code will work without any UI changes, but will now result in invalidation of all previously created QR codes and invite links.
link2xt
force-pushed
the
link2xt/rxxzowrsykzw
branch
from
61ba228 to
d89a9e2
Compare
iequidoo
approved these changes
Sep 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a preparation for expiring authentication tokens.
If we make authentication token expire,
we need to generate new authentication tokens each time QR code screen is opened in the UI,
so authentication token is fresh.
We however don't want to completely invalidate
old authentication codes at the same time,
e.g. they should still be valid for joining groups, just not result in a verification on the inviter side.
Since a group now can have a lot of authentication tokens, it is easy to lose track of them
without any way to remove them
as they are not displayed anywhere in the UI.
As a solution, we now remove all
tokens corresponding to a group ID
when one token is withdrawn,
or all non-group tokens
when a single non-group token is withdrawn.
"Reset QR code" option already present
in the UI which works by resetting
current QR code will work without any UI changes,
but will now result in invalidation
of all previously created QR codes and invite links.