Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intrigue's WebSockets implementation does not check if user is still logged in #4318

Closed
brjeter opened this issue Feb 1, 2019 · 0 comments · Fixed by #4473 or #4764
Closed

Intrigue's WebSockets implementation does not check if user is still logged in #4318

brjeter opened this issue Feb 1, 2019 · 0 comments · Fixed by #4473 or #4764
Labels
👞Bug Fix 🔒 Security 🏬 Release Branch PR to something other than master
Milestone
2.13.6

Comments

@brjeter
Copy link
Contributor

brjeter commented Feb 1, 2019

Description

If a user has the Intrigue "Search" view up in the browser and logs out in a separate tab, they are still able to modify and execute queries. This is because, after the initial authentication, the WebSocket requests do not check if the user still has a token in that HttpSession.

Steps to Reproduce

  1. Go to Intrigue and go into a workspace.
  2. Execute a search (wildcard is fine)
  3. In a separate browser tab, pull up the AdminUI and logout.
  4. Go back to Intrigue and edit the open query and/or execute it.

Expected behavior :

The query cannot be executed once the user is logged out.

Actual behavior:

The query is executed and relevant results returned.

Reproduces how often:

100%

Platform and environment:

N/A

Affects versions

2.13.6 and master

Additional Information

N/A
@brjeter brjeter mentioned this issue Feb 4, 2019
Merged
4 tasks
@coyotesqrl coyotesqrl added 👞Bug Fix 🏬 Release Branch PR to something other than master 🔒 Security labels Feb 5, 2019
@brjeter brjeter mentioned this issue Feb 13, 2019
Merged
4 tasks
@brjeter brjeter added this to the 2.13.6 milestone Feb 21, 2019
@brjeter brjeter mentioned this issue Mar 1, 2019
Merged
4 tasks
This was referenced Mar 13, 2019
Closed
Merged
@brjeter brjeter mentioned this issue Apr 26, 2019
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👞Bug Fix 🔒 Security 🏬 Release Branch PR to something other than master
Projects
None yet
Milestone
2.13.6
2 participants
@coyotesqrl @brjeter