Skip to content

Comments

Auto-rotate Phaze identity when account info is revealed#5956

Merged
j0ntz merged 1 commit intodevelopfrom
jon/fix/phaze-key-rotation
Feb 24, 2026
Merged

Auto-rotate Phaze identity when account info is revealed#5956
j0ntz merged 1 commit intodevelopfrom
jon/fix/phaze-key-rotation

Conversation

@j0ntz
Copy link
Contributor

@j0ntz j0ntz commented Feb 24, 2026
edited
Loading

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

  • Yes
  • No

Dependencies

none

Requirements

If you have made any visual changes to the GUI. Make sure you have:

  • Tested on iOS device
  • Tested on Android device
  • Tested on small-screen device (iPod Touch)
  • Tested on large-screen device (tablet)

Summary

When a user reveals their Phaze email via the Gift Card Account Info scene, automatically create a new identity for future purchases. This prevents a malicious actor who sees the revealed email from intercepting new gift card orders. Old identities are preserved for order history.

  • Added rotateIdentity method to PhazeGiftCardProvider
  • ensureUser now sorts identities by createdDate descending to prefer the newest
  • Rotation must succeed before the reveal proceeds; if it fails the reveal is blocked

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 24, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c60e29eaa5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@j0ntz j0ntz force-pushed the jon/fix/phaze-key-rotation branch from c60e29e to a658ed2 Compare February 24, 2026 20:18
@Jon-edge
Auto-rotate Phaze identity when account info is revealed
157e2ee 
When a user reveals their Phaze email via the Gift Card Account Info
scene, automatically create a new identity for future purchases. This
prevents a malicious actor who sees the revealed email from intercepting
new gift card orders. Old identities are preserved for order history.
@j0ntz j0ntz force-pushed the jon/fix/phaze-key-rotation branch from 9b2785c to 157e2ee Compare February 24, 2026 20:38
@j0ntz j0ntz enabled auto-merge February 24, 2026 20:38
@j0ntz j0ntz merged commit d5fe1af into develop Feb 24, 2026
3 checks passed
@j0ntz j0ntz deleted the jon/fix/phaze-key-rotation branch February 24, 2026 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@swansontec swansontec swansontec approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@j0ntz @swansontec @Jon-edge