`login_api::logout` API does not clean up registered API sets
abitmore opened this issue · comments
Bug Description
When `login_api::logout` is called, or `login_api::login` is called again but failed, or succeeded but the new user has access to fewer API sets, ideally, we should clean up the API sets that the previous user registered but are no longer available.
However, the shared pointers to these objects are already saved elsewhere (in FC), so we are unable to clean up.
That means the API set IDs for the registered API sets are still accessible even if the new user should not have access to them.
bitshares-core/libraries/app/api.cpp
Lines 80 to 83 in 8c93d58
bitshares-core/libraries/app/api.cpp
Lines 91 to 93 in 8c93d58
Impacts
Describe which portion(s) of BitShares Core may be impacted by this bug. Please tick at least one box.
- API (the application programming interface)
- Build (the build process or something prior to compiled code)
- CLI (the command line wallet)
- Deployment (the deployment process after building such as Docker, Travis, etc.)
- DEX (the Decentralized EXchange, market engine, etc.)
- P2P (the peer-to-peer network for transaction/block propagation)
- Performance (system or user efficiency, etc.)
- Protocol (the blockchain logic, consensus, validation, etc.)
- Security (the security of system or user data, etc.)
- UX (the User Experience)
- Other (please add below)
Host Environment
Please provide details about the host environment. Much of this information can be found running: `witness_node --version`.
- Host OS: [e.g. Ubuntu 18.04 LTS]
- Host Physical RAM [e.g. 4GB]
- BitShares Version: [e.g. 2.0.180425]
- OpenSSL Version: [e.g. 1.1.0g]
- Boost Version: [e.g. 1.65.1]
CORE TEAM TASK LIST
- Evaluate / Prioritize Bug Report
- Refine User Stories / Requirements
- Define Test Cases
- Design / Develop Solution
- Perform QA/Testing
- Update Documentation
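
The lifetime problem described in this issue, as an added example that is not BitShares or FC code: a simplified model in which a registry (standing in for the RPC layer) keeps its own `shared_ptr` to each registered API set, so resetting the session's pointer on logout leaves the ID reachable. All names (`Registry`, `Session`, `Api`, `reachable`) are hypothetical, and the `weak_ptr` variant is only one possible mitigation, shown for contrast.

```cpp
// Simplified model, not BitShares or FC code; all names are hypothetical.
#include <map>
#include <memory>
#include <string>

struct Api { std::string name; };

// Stand-in for the RPC layer that maps numeric API set IDs to objects.
class Registry {
    std::map<int, std::shared_ptr<Api>> strong_;  // leaky: registry co-owns the object
    std::map<int, std::weak_ptr<Api>> weak_;      // contrast: registry only observes it
    int next_ = 1;
public:
    int register_strong(const std::shared_ptr<Api>& a) { strong_[next_] = a; return next_++; }
    int register_weak(const std::shared_ptr<Api>& a) { weak_[next_] = a; return next_++; }
    // True if the ID still resolves to a live API object.
    bool reachable(int id) const {
        if (strong_.count(id)) return true;  // kept alive by the registry itself
        auto w = weak_.find(id);
        return w != weak_.end() && !w->second.expired();
    }
};

// Stand-in for a login object that owns the session's API sets.
class Session {
    Registry& reg_;
    bool weak_registration_;
    std::shared_ptr<Api> history_;
public:
    Session(Registry& r, bool weak_registration)
        : reg_(r), weak_registration_(weak_registration) {}
    int login() {
        history_ = std::make_shared<Api>(Api{"history"});
        return weak_registration_ ? reg_.register_weak(history_)
                                  : reg_.register_strong(history_);
    }
    // Drops only the session's own reference; the registry is not told.
    void logout() { history_.reset(); }
};

// Registers an API set at login, optionally logs out, then probes the ID.
bool id_reachable(bool weak_registration, bool after_logout) {
    Registry reg;
    Session s(reg, weak_registration);
    int id = s.login();
    if (after_logout) s.logout();
    return reg.reachable(id);
}
```

With strong registration the ID outlives `logout()`, which is the behaviour reported above; with weak registration it stops resolving as soon as the session releases its pointer.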