Bug - Found a bug in one-time feature #2182

Open
z0x0z opened this issue Mar 3, 2024 · 2 comments

z0x0z commented Mar 3, 2024

The secret is removed from the database before even viewing it using the decryption key.

Steps to reproduce

  • Enter the text to encrypt at yopass.se and select one hr/one day/week. Then enable the one-time and generate decryption key. Click encrypt.
  • Copy the short link and paste it in another tab. Enter an "incorrect" decryption key and submit.
  • Now refresh the page again, then enter another "incorrect" decryption key and submit.
  • Now refresh the page again, then enter the "correct" decryption key and submit.
  • Notice the response "Secret, does not exist".
  • Hence it is proved that, before viewing the secret, it gets deleted from the database.

Please check and fix this.

@TassiloPitrasch

I don't think this is a bug. Decryption happens in the browser, the back-end has no way of knowing if the secret has been decrypted successfully. If the secret is deleted only after the client had confirmed decryption, the one-time feature would be rendered useless, as the request for deletion could easily be prevented, keeping the secret in the database.

vbakke commented Nov 1, 2024

I agree, @TassiloPitrasch. Preferably, we would not delete the secret until it is properly decrypted. But there is no way for the server to know.

I suggest closing this issue, sorry.
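
The behaviour discussed in this thread, as an added Go example that is not part of the issue and is not yopass code: a hypothetical in-memory `Store` deletes the ciphertext on first fetch, and the client-side decryption failure never reaches it. AES-GCM with a SHA-256-derived key is an assumed stand-in for the browser's crypto; the ID and secret are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

// Store is a hypothetical stand-in for the server: it holds ciphertext only.
type Store struct {
	mu sync.Mutex
	m  map[string][]byte
}

// FetchOnce returns the blob and deletes it in the same critical section,
// so the first request consumes the secret whatever the client does next.
func (s *Store) FetchOnce(id string) ([]byte, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	ct, ok := s.m[id]
	if !ok {
		return nil, errors.New("secret does not exist")
	}
	delete(s.m, id)
	return ct, nil
}

// gcm derives the key on the client. SHA-256 is a stand-in, not a password KDF.
func gcm(pass string) cipher.AEAD {
	k := sha256.Sum256([]byte(pass))
	b, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(b)
	return g
}

// Replay follows the issue's steps: a wrong key first, then a second request.
func Replay() (decryptErr, refetchErr error) {
	g, w := gcm("correct"), gcm("wrong")
	n := make([]byte, g.NonceSize())
	rand.Read(n)
	s := &Store{m: map[string][]byte{"id1": g.Seal(n, n, []byte("constructed secret"), nil)}}
	ct, _ := s.FetchOnce("id1") // server hands out ciphertext and forgets it
	_, decryptErr = w.Open(nil, ct[:w.NonceSize()], ct[w.NonceSize():], nil) // fails in the client only
	_, refetchErr = s.FetchOnce("id1") // the correct key now has nothing to decrypt
	return
}

func main() { fmt.Println(Replay()) }
```
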
