devteam/sharenet
3
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

[Bug]: Passports need to always have unaffiliated user profile #7

New issue
Open
opened 2025-11-23 13:53:47 -05:00 by continuist · 1 comment
continuist commented 2025-11-23 13:53:47 -05:00
Owner
Copy link

Brief Summary

Passports need to always have unaffiliated user profile

Steps to Reproduce

N/A

Expected Behavior

A Passport needs to have a concept of an unaffiliated user profile which is never removable from a Passport. This is to allow the user to have an identity (such as a username, firstname, lastname, etc) which exist when the user is not a member of any Hub. The user then uses this unaffiliated user profile when applying for membership to a Hub. Without an unaffiliated user profile, it could be possible for a user to be able to lose all user profiles within a Passport and therefore not be able to present themselves to the outside world as anything. This is obviously wrong-- logically, a user always presents themselves as something.

The unaffiliated user profile should have fields that are modifiable, such as the firstname, lastname, avatar, etc, but the unaffiliated user profile is not allowed to have a Hub DID field, since by definition the unaffiliated user profile is not affiliated with any Hub.

The concept of a default user profile needs to be decoupled from this concept of an unaffiliated user profile. The default user profile just means the user profile that is automatically displayed to the user and used when the user signs in, and that's it. The default user profile probably shouldn't be an individual boolean field in each user profile (such as "isDefault"), to prevent the possibility of the frontend being coded as allowing the user using multiple user profiles at the same time, which should not be possible, doesn't make sense, and is probably fishy/hacker behavior. Instead, the default user profile should be a field in the global info section of the Passport itself, and should probably identify the uuidv7 ID of the user profile that is to be used as the default user profile. This strongly implies all user profiles, even the unaffiliated user profile, need to have a uuidv7 ID defined. It probably should also be the case that the default user profile field should be in the encrypted part of the global info section, as this is a detail that the outside world doesn't need to know.

Actual Behavior

Currently we have a logic error.

Additional Context

N/A

Checklist

  • I have checked that this bug has not already been reported.
  • I have provided all the requested information to the best of my ability.
### Brief Summary Passports need to always have unaffiliated user profile ### Steps to Reproduce N/A ### Expected Behavior A Passport needs to have a concept of an unaffiliated user profile which is never removable from a Passport. This is to allow the user to have an identity (such as a username, firstname, lastname, etc) which exist when the user is not a member of any Hub. The user then uses this unaffiliated user profile when applying for membership to a Hub. Without an unaffiliated user profile, it could be possible for a user to be able to lose all user profiles within a Passport and therefore not be able to present themselves to the outside world as anything. This is obviously wrong-- logically, a user always presents themselves as something. The unaffiliated user profile should have fields that are modifiable, such as the firstname, lastname, avatar, etc, but the unaffiliated user profile is not allowed to have a Hub DID field, since by definition the unaffiliated user profile is not affiliated with any Hub. The concept of a default user profile needs to be decoupled from this concept of an unaffiliated user profile. The default user profile just means the user profile that is automatically displayed to the user and used when the user signs in, and that's it. The default user profile probably shouldn't be an individual boolean field in each user profile (such as "isDefault"), to prevent the possibility of the frontend being coded as allowing the user using multiple user profiles at the same time, which should not be possible, doesn't make sense, and is probably fishy/hacker behavior. Instead, the default user profile should be a field in the global info section of the Passport itself, and should probably identify the uuidv7 ID of the user profile that is to be used as the default user profile. This strongly implies all user profiles, even the unaffiliated user profile, need to have a uuidv7 ID defined. It probably should also be the case that the default user profile field should be in the encrypted part of the global info section, as this is a detail that the outside world doesn't need to know. ### Actual Behavior Currently we have a logic error. ### Additional Context ```shell N/A ``` ### Checklist - [x] I have checked that this bug has not already been reported. - [x] I have provided all the requested information to the best of my ability.
continuist added the
Kind/Bug
 label 2025-11-23 13:53:47 -05:00
continuist self-assigned this 2025-11-23 13:53:47 -05:00
continuist commented 2025-11-23 13:58:21 -05:00
Author
Owner
Copy link

"Base user profile" is probably a better name than "unaffiliated user profile".

"Base user profile" is probably a better name than "unaffiliated user profile".
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
bug/7-passports-need-to-always-have-unaffiliated-user-profile
No results found.
Labels
Clear labels
  
Compat/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

No labels
Compat/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
continuist
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: devteam/sharenet#7
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?