warn on logout too

2017-01-24 22:47:03 +01:00 · 2017-01-24 22:47:03 +01:00 · b148619c52
parent 5b61d00533
commit b148619c52
1 changed files with 30 additions and 13 deletions
--- a/src/Lifecycle.js
+++ b/src/Lifecycle.js
@ -22,6 +22,7 @@ import Notifier from './Notifier';
 import UserActivity from './UserActivity';
 import Presence from './Presence';
 import dis from './dispatcher';
 import Modal from './Modal';
 import DMRoomMap from './utils/DMRoomMap';
 /**
@ -289,19 +290,35 @@ export function logout() {
        return;
    }
-    return MatrixClientPeg.get().logout().then(onLoggedOut,
+    var QuestionDialog = sdk.getComponent("dialogs.QuestionDialog");
-        (err) => {
+    Modal.createDialog(QuestionDialog, {
-            // Just throwing an error here is going to be very unhelpful
+        title: "Warning",
-            // if you're trying to log out because your server's down and
+        description:
-            // you want to log into a different server, so just forget the
+            <div>
-            // access token. It's annoying that this will leave the access
+                For security, logging out will delete any end-to-end encryption keys from this browser,
-            // token still valid, but we should fix this by having access
+                making previous encrypted chat history unreadable if you log back in.
-            // tokens expire (and if you really think you've been compromised,
+                In future this <a href="https://github.com/vector-im/riot-web/issues/2108">will be improved</a>,
-            // change your password).
+                but for now be warned.
-            console.log("Failed to call logout API: token will not be invalidated");
+            </div>,
-            onLoggedOut();
+        button: "Continue",
-        }
+        onFinished: (confirmed) => {
-    );
+            if (confirmed) {
                MatrixClientPeg.get().logout().then(onLoggedOut,
                    (err) => {
                        // Just throwing an error here is going to be very unhelpful
                        // if you're trying to log out because your server's down and
                        // you want to log into a different server, so just forget the
                        // access token. It's annoying that this will leave the access
                        // token still valid, but we should fix this by having access
                        // tokens expire (and if you really think you've been compromised,
                        // change your password).
                        console.log("Failed to call logout API: token will not be invalidated");
                        onLoggedOut();
                    }
                );
            }
        },
    });
 }
 /**