[FIX] CAS does not share secrets when operating multiple server instances #8654

Merged
merged 1 commit into from
Dec 8, 2017


AmShaegar13
Contributor

@RocketChat/core

Closes #8032

This fixes CAS login when running multiple instances of RocketChat. When using CAS, a so-called credentialsToken is stored in the server process to identify login attempts via CAS pop-up. This is bad when it comes to running several instances of RocketChat because it cannot be guaranteed to hit the same instance again. Thus, I changed this to store those tokens in MongoDB. In addition, I added a cleanup mechanism to delete outdated tokens of failed login attempts.

@CLAassistant

CLAassistant commented Oct 25, 2017

CLA assistant check
All committers have signed the CLA.

@AmShaegar13
Contributor Author

Signed CLA + fixed email settings.

@AmShaegar13 AmShaegar13 force-pushed the fix-cas-with-multiple-instances branch 2 times, most recently from 4c00da7 to 8e7f2c9 Compare November 6, 2017 09:04
@AmShaegar13
Contributor Author

AmShaegar13 commented Nov 24, 2017

  • Should use expireAfterSeconds feature of MongoDB. Will change that.
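
The failure described in the PR description and the expiry mentioned in the comment above, as an added example that is not the PR's code: two simulated instances behind a load balancer, first with per-process token storage, then with a shared store whose entries expire. All class and function names, the 60-second lifetime, the token values and the single-use consumption are assumptions of this sketch; a Map stands in for the MongoDB collection.

```javascript
// Hypothetical names throughout; a Map stands in for the MongoDB collection.
const TTL_MS = 60 * 1000; // constructed lifetime of a pending login attempt

// Store that every instance can reach (the role MongoDB plays after the fix).
class SharedTokenStore {
  constructor() { this.docs = new Map(); }
  insert(token, attempt, now) { this.docs.set(token, { attempt, createdAt: now }); }
  // Single-use: read and delete together, and reject entries older than TTL_MS.
  // Against MongoDB, findOneAndDelete does the read-and-delete atomically.
  consume(token, now) {
    const doc = this.docs.get(token);
    if (!doc) return null;
    this.docs.delete(token);
    return now - doc.createdAt <= TTL_MS ? doc.attempt : null;
  }
  // Cleanup of abandoned attempts; a TTL index (expireAfterSeconds) on
  // createdAt has MongoDB do this server-side.
  purgeExpired(now) {
    for (const [t, d] of this.docs) if (now - d.createdAt > TTL_MS) this.docs.delete(t);
    return this.docs.size;
  }
}

// One server process. Without a shared store it falls back to a private one,
// which models the in-process storage the PR description calls the problem.
class Instance {
  constructor(store) { this.store = store || new SharedTokenStore(); }
  casCallback(token, attempt, now) { this.store.insert(token, attempt, now); }
  login(token, now) {
    const attempt = this.store.consume(token, now);
    return attempt ? { ok: true, attempt } : { ok: false, error: 'no matching login attempt found' };
  }
}

// The load balancer sends the CAS callback to instance A and the login to B.
function simulate(shared, loginDelayMs = 1000) {
  const store = shared ? new SharedTokenStore() : undefined;
  const a = new Instance(store);
  const b = new Instance(store);
  a.casCallback('tok-constructed', 'user-constructed', 0);
  const first = b.login('tok-constructed', loginDelayMs);
  const replay = b.login('tok-constructed', loginDelayMs + 1);
  return { first, replay };
}

console.log(simulate(false).first); // private stores: B never saw the token
console.log(simulate(true));        // shared store: login ok, replay rejected
```
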

@AmShaegar13 AmShaegar13 changed the title [FIX] fix CAS when operating multiple server instances [WIP][FIX] fix CAS when operating multiple server instances Nov 24, 2017
@rodrigok rodrigok added this to the 0.61.0 milestone Dec 7, 2017
@AmShaegar13 AmShaegar13 force-pushed the fix-cas-with-multiple-instances branch from 8e7f2c9 to b49706d Compare December 8, 2017 15:41
…of process to fix CAS when operating multiple server instances
@AmShaegar13 AmShaegar13 force-pushed the fix-cas-with-multiple-instances branch from b49706d to d6ee11b Compare December 8, 2017 17:03
@AmShaegar13 AmShaegar13 changed the title [WIP][FIX] fix CAS when operating multiple server instances [FIX] fix CAS when operating multiple server instances Dec 8, 2017
@AmShaegar13
Contributor Author

@rodrigok ready to merge.

@rodrigok rodrigok modified the milestones: 0.61.0, 0.60.0 Dec 8, 2017
@rodrigok rodrigok changed the title [FIX] fix CAS when operating multiple server instances [FIX] CAS does not share secrets when operating multiple server instances Dec 8, 2017
@rodrigok rodrigok merged commit 513271f into RocketChat:develop Dec 8, 2017
Successfully merging this pull request may close these issues.

Two instance + CAS: sometimes can't login with error 'no matching login attempt found'
3 participants