Server-side validation of user credentials
Closed this issue · 1 comments
kaloyan-raev commented
The Import Keys feature does not check if the provided credentials are actually valid on the Bridge.
The following 2-step validation should be done in addition to the current client-side validation:
- List buckets.
-- if error code 200 or 304 is received then user and password match
-- If error code 401 is received then user and password does not match
-- in all other cases - unknown error - Check if the listed buckets can be decrypted with the provided encryption key
-- if at least one bucket is decrypted successfully then the encryption key is accepted as valid
-- if none of the buckets can be decrypted then the encryption key is invalid
-- if no buckets in the account - the encryption key is accepted as valid
kaloyan-raev commented
This is now available in v0.8.