Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(pres_mgmt): obscure email in POC + presenter email confirm dialogs

Browse Source 
Non-trusted users see joh***@example.com in the confirm() prompt and
button title instead of the full address. Trusted staff see the full
email unchanged. Matches the obscure_email() pattern already used in
ae_comp__badge_obj_li.svelte.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-06-24 13:45:10 -04:00
parent 86845829dc
commit 64b4bce185
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/routes/events/[event_id]/(pres_mgmt)/presenter/[presenter_id]/+page.svelte
View File

@@ -184,6 +184,13 @@ let presenter_sign_in_url = $derived((() => {
// } // }
// *** Functions and Logic // *** Functions and Logic
function obscure_email(email: string | null | undefined): string {
if (!email) return '';
const at = email.indexOf('@');
if (at < 0) return email;
return `${email.slice(0, Math.min(3, at))}***${email.slice(at)}`;
}
</script> </script>
<svelte:head> <svelte:head>
@@ -326,7 +333,10 @@ let presenter_sign_in_url = $derived((() => {
alert('No email address found for this presenter.'); alert('No email address found for this presenter.');
return; return;
} }
if (!confirm(`This will send the sign in email to ${use_email}`)) { const display_email = $ae_loc.trusted_access
? use_email
: obscure_email(use_email);
if (!confirm(`This will send the sign in email to ${display_email}`)) {
return; return;
} }

14
src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte
View File

@@ -191,10 +191,20 @@ $effect(() => {
} }
}); });
function obscure_email(email: string | null | undefined): string {
if (!email) return '';
const at = email.indexOf('@');
if (at < 0) return email;
return `${email.slice(0, Math.min(3, at))}***${email.slice(at)}`;
}
async function send_poc_email_link() { async function send_poc_email_link() {
const sess = $lq__event_session_obj; const sess = $lq__event_session_obj;
if (!sess?.poc_person_primary_email) return; if (!sess?.poc_person_primary_email) return;
if (!confirm(`Send sign-in link to ${sess.poc_person_full_name} (${sess.poc_person_primary_email})?`)) return; const display_email = $ae_loc.trusted_access
? sess.poc_person_primary_email
: obscure_email(sess.poc_person_primary_email);
if (!confirm(`Send sign-in link to ${sess.poc_person_full_name} (${display_email})?`)) return;
poc_email_status = 'sending'; poc_email_status = 'sending';
try { try {
await events_func.email_sign_in__event_session({ await events_func.email_sign_in__event_session({
@@ -488,7 +498,7 @@ async function send_poc_email_link() {
type="button" type="button"
disabled={poc_email_status === 'sending'} disabled={poc_email_status === 'sending'}
onclick={send_poc_email_link} onclick={send_poc_email_link}
title="Email the sign-in link to {pres_mgmt_loc.current.label__session_poc_name}: {$lq__event_session_obj?.poc_person_full_name} ({$lq__event_session_obj?.poc_person_primary_email})" title="Email the sign-in link to {pres_mgmt_loc.current.label__session_poc_name}: {$lq__event_session_obj?.poc_person_full_name} ({$ae_loc.trusted_access ? $lq__event_session_obj?.poc_person_primary_email : obscure_email($lq__event_session_obj?.poc_person_primary_email)})"
class="btn btn-sm preset-outlined-secondary-300-700 transition-all duration-200" class="btn btn-sm preset-outlined-secondary-300-700 transition-all duration-200"
class:preset-tonal-secondary={poc_email_status === 'idle'} class:preset-tonal-secondary={poc_email_status === 'idle'}
class:preset-tonal-warning={poc_email_status === 'sending'} class:preset-tonal-warning={poc_email_status === 'sending'}