Change the JWT Issuer #13451

Closed
jdotcms opened this Issue Jan 19, 2018 · 6 comments

@jdotcms
Contributor

jdotcms commented Jan 19, 2018

We have to use as an issuer the dotcms environment that creates the token; it will be the cluster id, to identify the node that creates the token.

@jdotcms jdotcms self-assigned this Jan 19, 2018

jgambarios added a commit that referenced this issue May 30, 2018

jgambarios added a commit that referenced this issue May 31, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 6, 2018

@jgambarios

Contributor

jgambarios commented Jun 7, 2018

PR: #14535

@jgambarios jgambarios assigned jgambarios and unassigned jdotcms Jun 7, 2018

wezell added a commit that referenced this issue Jun 7, 2018

Issue 13451 13453 jwt (#14535)
* #13451 #13453

* #13451 #13453

* #13451 #13453 Removed json.web.token.hash.signing.key property

* #13451 #13453

* Codacy feedback

* #13451 #13453

* #13451 #13453 Unit tests

* #13451 #13453

* #13451 #13453

* #13451 #13453

* #13451 #13453

* #13451 #13453 For the forgot password functionality

* #13451 #13453 More fixes in Unit tests

* Removed import

@jgambarios jgambarios added this to the Cody Current milestone Jun 7, 2018

@bryanboza bryanboza added this to CODY in QA Jun 8, 2018

@bryanboza

Contributor

bryanboza commented Jun 8, 2018

After doing some testing with the latest changes, we have problems with the session.

For some reason, after you kill the server the session is still alive in the browser. Then if you clean your instance and start with a fresh environment, Tomcat allows you to continue navigating with the existing session; the system throws an error because the token is invalid or expired, but allows you to continue using the application.

Then we have two options here:

  • If it is OK to continue using the app with just the session cookies, then we need to remove the token validation

  • Validate if the token is invalid or expired, then kill the session.

Here is the error in the log:
https://gist.github.com/bryanboza/cf44feada2191dc85f1540ec046a0a8c

@bryanboza bryanboza moved this from CODY to In Review in QA Jun 11, 2018

jgambarios added a commit that referenced this issue Jun 13, 2018

@jgambarios

Contributor

jgambarios commented Jun 13, 2018

PR: #14622

jgambarios added a commit that referenced this issue Jun 13, 2018

@bryanboza

Contributor

bryanboza commented Jun 14, 2018

If you manually add an invalid key (some key without the necessary points), we are showing exceptions and this continues in every transaction. We need to be smarter here and be able to recover. If the token is invalid, just show the error and clean up the cookies.

@bryanboza bryanboza moved this from CODY to In Review in QA Jun 14, 2018

jgambarios added a commit that referenced this issue Jun 14, 2018

jgambarios added a commit that referenced this issue Jun 14, 2018

@jgambarios

Contributor

jgambarios commented Jun 14, 2018

PR: #14638

@bryanboza bryanboza moved this from In Review to CODY in QA Jun 15, 2018

@bryanboza

Contributor

bryanboza commented Jun 15, 2018

Fixed. Now we detect the problem, print the error in the log file, and delete the token.

@bryanboza bryanboza moved this from CODY to Done in QA Jun 15, 2018

@wezell wezell closed this Jun 21, 2018

@bryanboza bryanboza removed this from Done in QA Aug 10, 2018
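
The behaviour this thread converges on (issuer bound to the cluster id, and recovery instead of repeated exceptions when the token is bad), sketched as an added example that is not dotCMS code or part of the original issue. It assumes an HS256 token, a hypothetical cookie name `access_token`, and plain dicts standing in for the cookie jar and the server session.

```python
import base64, hashlib, hmac, json

COOKIE = "access_token"  # hypothetical cookie name, not taken from the project

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, signed_part: str) -> bytes:
    return hmac.new(key, signed_part.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 token; used here only to construct sample input."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u(mac(key, head + '.' + body))}"

def check_token(token: str, key: bytes, cluster_id: str, now: float) -> str:
    """Return "ok" or a rejection reason; never raises on untrusted input."""
    parts = token.split(".")
    if len(parts) != 3:                      # value "without the necessary points"
        return "malformed"
    try:
        header, claims = json.loads(unb64u(parts[0])), json.loads(unb64u(parts[1]))
        sig = unb64u(parts[2])
    except ValueError:                       # bad base64, bad UTF-8 or bad JSON
        return "malformed"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return "malformed"
    if header.get("alg") != "HS256":         # pin the algorithm, reject "none"
        return "bad-alg"
    if not hmac.compare_digest(sig, mac(key, parts[0] + "." + parts[1])):
        return "bad-signature"
    if claims.get("iss") != cluster_id:      # minted by a different environment
        return "wrong-issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired"
    return "ok"

def handle_request(cookies: dict, session: dict, key: bytes, cluster_id: str, now: float) -> str:
    """On any rejection, delete the token cookie and end the session."""
    verdict = check_token(cookies.get(COOKIE, ""), key, cluster_id, now)
    if verdict != "ok":
        cookies.pop(COOKIE, None)
        session.clear()
    return verdict
```

The returned reason is what a caller would write to the log once; because the cookie and session are dropped in the same step, the next request does not hit the same failure again.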
