🐛 Login: Fixes Unauthorized during resend-code #3775
Codecov Report

Coverage diff (master vs. #3775):

| | master | #3775 | +/- |
|---|---|---|---|
| Coverage | 83.5% | 84.8% | +1.3% |
| Files | 915 | 915 | |
| Lines | 38837 | 38866 | +29 |
| Branches | 791 | 791 | |
| Hits | 32450 | 32991 | +541 |
| Misses | 6177 | 5665 | -512 |
| Partials | 210 | 210 | |

Flags with carried forward coverage won't be shown.
cool! maybe finish the description of the PR...
@sanderegg what do you mean?
Code Climate has analyzed commit b8c7883 and detected 0 issues on this pull request.
SonarCloud Quality Gate passed: 0 Bugs, No Coverage information.
What do these changes do?

This PR redesigns the session access to overcome some limitations detected during manual exploratory testing.

Some of the new authentication workflows include multiple requests to the auth entrypoints. In order to secure these entrypoints, there is a session access control mechanism in place. Once the starting auth entrypoint succeeds, an access token is created for the next entrypoint/s, and so on. For example, a request to auth/login-continue is unauthorized until a request to auth/login-start is successful. This is implemented as

Note that login_continue and login_start do not have login_required.

Related issue/s

How to test

services/web/server/tests/unit/with_dbs/03/test_session_access.py tests workflows followed by the front-end.

Checklist
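The step-by-step session grant sketched in the description, written out as an added Python example (this is not the project's code: the decorator name, the plain-dict session and the choice that a successful login-start also opens resend-code are assumptions made here):

```python
from functools import wraps
from typing import Callable, Dict, Set

class Unauthorized(Exception):
    """Raised when an entrypoint is reached without the grant from the previous step."""

# Assumption: the session is a plain dict holding the set of granted entrypoints.
# A real web app would keep this in a signed/encrypted cookie session.
Session = Dict[str, Set[str]]

def new_session() -> Session:
    return {"access": set()}

def grant_access(session: Session, *entrypoints: str) -> None:
    session["access"].update(entrypoints)

def session_access_required(name: str, one_time: bool = True) -> Callable:
    """Handler runs only if `name` was granted by a previous step (hypothetical decorator).
    one_time=True consumes the grant so the step cannot be replayed."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(session: Session, *args, **kwargs):
            if name not in session["access"]:
                raise Unauthorized(f"{name} requires a successful previous step")
            if one_time:
                session["access"].discard(name)
            return handler(session, *args, **kwargs)
        return wrapper
    return decorator

def login_start(session: Session, email: str) -> dict:
    # Starting entrypoint: needs no prior grant; on success it opens the next steps.
    grant_access(session, "auth/login-continue", "auth/resend-code")
    return {"status": "code sent", "email": email}

@session_access_required("auth/resend-code", one_time=False)
def resend_code(session: Session) -> dict:
    # Re-sending may be repeated, so the grant is not consumed here (assumption).
    return {"status": "code re-sent"}

@session_access_required("auth/login-continue")
def login_continue(session: Session, code: str) -> dict:
    # Completes the workflow; resend-code must not be usable afterwards.
    session["access"].discard("auth/resend-code")
    return {"status": "logged in"}

def denied(handler: Callable, session: Session, *args) -> bool:
    """True if the handler rejects the request with Unauthorized."""
    try:
        handler(session, *args)
        return False
    except Unauthorized:
        return True
```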