From 64b4bce185d0d4b84c22dba924f67b8c0a003294 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Wed, 24 Jun 2026 13:45:10 -0400 Subject: [PATCH] fix(pres_mgmt): obscure email in POC + presenter email confirm dialogs Non-trusted users see joh***@example.com in the confirm() prompt and button title instead of the full address. Trusted staff see the full email unchanged. Matches the obscure_email() pattern already used in ae_comp__badge_obj_li.svelte. Co-Authored-By: Claude Sonnet 4.6 --- .../presenter/[presenter_id]/+page.svelte | 12 +++++++++++- .../[session_id]/ae_comp__session_view.svelte | 14 ++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/routes/events/[event_id]/(pres_mgmt)/presenter/[presenter_id]/+page.svelte b/src/routes/events/[event_id]/(pres_mgmt)/presenter/[presenter_id]/+page.svelte index 3fa7ad09..168635bf 100644 --- a/src/routes/events/[event_id]/(pres_mgmt)/presenter/[presenter_id]/+page.svelte +++ b/src/routes/events/[event_id]/(pres_mgmt)/presenter/[presenter_id]/+page.svelte @@ -184,6 +184,13 @@ let presenter_sign_in_url = $derived((() => { // } // *** Functions and Logic + +function obscure_email(email: string | null | undefined): string { + if (!email) return ''; + const at = email.indexOf('@'); + if (at < 0) return email; + return `${email.slice(0, Math.min(3, at))}***${email.slice(at)}`; +} @@ -326,7 +333,10 @@ let presenter_sign_in_url = $derived((() => { alert('No email address found for this presenter.'); return; } - if (!confirm(`This will send the sign in email to ${use_email}`)) { + const display_email = $ae_loc.trusted_access + ? use_email + : obscure_email(use_email); + if (!confirm(`This will send the sign in email to ${display_email}`)) { return; } diff --git a/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte b/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte index b22e23f2..87dadfe4 100644 
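Review bot: `obscure_email` masks nothing for short or malformed addresses. With a local part of three characters or fewer, `Math.min(3, at)` keeps all of it (`bob@example.com` becomes `bob***@example.com`), and the `at < 0` branch returns the input unchanged. Consider always hiding at least one character, e.g. `email.slice(0, Math.min(3, Math.max(0, at - 1)))`, and returning a fixed `'***'` when there is no `@`. The same function is added verbatim in the `ae_comp__session_view.svelte` hunk, and the commit message points to an existing one in `ae_comp__badge_obj_li.svelte`; a single shared helper would keep the masking rule from drifting between copies.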
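Review bot: The masking only changes the text of the `confirm()` prompt. For a non-trusted user, `use_email` still holds the full address in page state, so it stays readable through browser dev tools or the response that populated it. If the address is meant to be withheld from these users, the server should return it already masked (or omit it) and resolve the recipient itself when the send action is called. `$ae_loc.trusted_access` looks like a client-side store value, so this check should be treated as presentation only, not as an access control. The same applies to `send_poc_email_link` and the button `title` in `ae_comp__session_view.svelte`; the enclosing function here starts and ends outside the hunk.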
--- a/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte +++ b/src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte @@ -191,10 +191,20 @@ $effect(() => { } }); +function obscure_email(email: string | null | undefined): string { + if (!email) return ''; + const at = email.indexOf('@'); + if (at < 0) return email; + return `${email.slice(0, Math.min(3, at))}***${email.slice(at)}`; +} + async function send_poc_email_link() { const sess = $lq__event_session_obj; if (!sess?.poc_person_primary_email) return; - if (!confirm(`Send sign-in link to ${sess.poc_person_full_name} (${sess.poc_person_primary_email})?`)) return; + const display_email = $ae_loc.trusted_access + ? sess.poc_person_primary_email + : obscure_email(sess.poc_person_primary_email); + if (!confirm(`Send sign-in link to ${sess.poc_person_full_name} (${display_email})?`)) return; poc_email_status = 'sending'; try { await events_func.email_sign_in__event_session({ @@ -488,7 +498,7 @@ async function send_poc_email_link() { type="button" disabled={poc_email_status === 'sending'} onclick={send_poc_email_link} - title="Email the sign-in link to {pres_mgmt_loc.current.label__session_poc_name}: {$lq__event_session_obj?.poc_person_full_name} ({$lq__event_session_obj?.poc_person_primary_email})" + title="Email the sign-in link to {pres_mgmt_loc.current.label__session_poc_name}: {$lq__event_session_obj?.poc_person_full_name} ({$ae_loc.trusted_access ? $lq__event_session_obj?.poc_person_primary_email : obscure_email($lq__event_session_obj?.poc_person_primary_email)})" class="btn btn-sm preset-outlined-secondary-300-700 transition-all duration-200" class:preset-tonal-secondary={poc_email_status === 'idle'} class:preset-tonal-warning={poc_email_status === 'sending'}
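Review bot: The trust check and masking are repeated inline in the `title` attribute, separately from the `display_email` computed inside `send_poc_email_link`. A later change to one can leave the other showing the full address. A single derived value, e.g. `let poc_display_email = $derived($ae_loc.trusted_access ? $lq__event_session_obj?.poc_person_primary_email : obscure_email($lq__event_session_obj?.poc_person_primary_email));`, used in both the prompt and `title="… ({poc_display_email})"`, would keep the two in sync. The button element continues outside the hunk.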