Description
Describe the bug
Drafts are stored in the web browser's local storage. However, they are not cleared when the user signs out. As a result, an unauthenticated user, different from the note's author, with access to the browser but without knowledge of the author's password, may access them. The note's visibility is irrelevant.
This is contrary to user expectations given the concept of access control in Memos.
Steps to reproduce
- Start typing a new note but do not click Save.
- Click on the profile icon at the bottom left of the screen, select Sign out.
- Observe that the browser's local storage contains the note draft from step 1. (See screenshot)
Expected results:
After step 2 there are no drafts saved in local storage.
Actual results:
Drafts persist after signout, allowing anyone with access to the web browser but without knowledge of the author's password to view them.
The version of Memos you're using
v0.25.1
Screenshots or additional context

Changes in #3005 did not address the root cause of these issues, which is drafts surviving after the user has signed out. When the user signs out, `localStorage.clear()` should be invoked.
Note that, since a user can edit multiple notes simultaneously, more than one draft of existing notes can also be found in local storage at any given time. Clearing the local storage in its entirety is probably the safest option.
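As an added illustration (this is not Memos project code and is not part of the issue report above), the following JavaScript reproduces the reported behaviour and the proposed fix side by side: a sign-out handler that only drops the session marker leaves every draft readable, while one that calls `localStorage.clear()` removes drafts of new and existing notes alike. The key names `draft:` and `session`, the draft format, and the in-memory stand-in for `window.localStorage` (used so the snippet runs under Node) are assumptions made here, not Memos' real storage layout.

```javascript
// Added example, not Memos project code. Demonstrates drafts surviving
// sign-out in localStorage and a sign-out handler that clears them.

// Minimal stand-in for window.localStorage so this runs under Node.
// In a browser the real localStorage is used instead.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}
const storage = (typeof localStorage !== "undefined") ? localStorage : new MemoryStorage();

// Hypothetical key layout; Memos' actual key names are not taken from the issue.
const DRAFT_PREFIX = "draft:";
const SESSION_KEY = "session";

// Persist an in-progress note body, keyed by memo id ("new" for an unsaved note).
function saveDraft(memoId, text) {
  storage.setItem(DRAFT_PREFIX + memoId, JSON.stringify({ text }));
}

// Enumerate every draft still readable by whoever sits at this browser.
// Sorted, because the browser's key() order is unspecified.
function listDraftKeys() {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(DRAFT_PREFIX)) keys.push(k);
  }
  return keys.sort();
}

// The behaviour the report describes: sign-out forgets the session only,
// so drafts remain for the next (unauthenticated) person at the browser.
function signOutLeakingDrafts() {
  storage.removeItem(SESSION_KEY);
}

// The fix the report proposes: wipe local storage entirely on sign-out.
// This also covers the case of several drafts of existing notes at once.
function signOutClearingStorage() {
  storage.removeItem(SESSION_KEY);
  storage.clear();
}

// Run one sign-out strategy against constructed sample state and report
// whether the session is gone and which drafts are still readable.
function demo(signOut) {
  storage.clear();
  storage.setItem(SESSION_KEY, "opaque-session-token"); // constructed sample value
  saveDraft("new", "unsent thought");                    // new note, never saved
  saveDraft("42", "edit of existing memo 42");           // edit of an existing note
  signOut();
  return {
    signedIn: storage.getItem(SESSION_KEY) !== null,
    leakedDrafts: listDraftKeys(),
  };
}

console.log("without clear():", JSON.stringify(demo(signOutLeakingDrafts)));
console.log("with clear():   ", JSON.stringify(demo(signOutClearingStorage)));
```

Running it under Node prints the drafts that survive in the first case and an empty list in the second; in a browser console the same functions operate on the real `localStorage`, which is how a tester can confirm a fix for this issue.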