New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve the Key generation for the JWT signing keys #13453

Closed
jdotcms opened this Issue Jan 19, 2018 · 2 comments

Comments

Projects
None yet
4 participants
@jdotcms
Contributor

jdotcms commented Jan 19, 2018

If key is set in dotmarketing-config and != default value AND different key is in /assets

  • using the one in dotmarketing-config overwrite the shared storage (db or assets)
  • use from shared storage (/assets/server)

If key is set in dotmarketing-config and != default value:

  • copy to shared storage (db or assets)
  • use from shared storage (/assets/server)

If key is not set in dotmarketing-config and key is not in shared storage:

  • generate a random one
  • copy to shared storage
  • use from shared storage

If key is not set in dotmarketing-config and is in shared storage and == default value:

  • generate a random one
  • copy to shared storage
  • use from shared storage

If key is not set in dotmarketing-config and is in shared storage and != default value:

  • use from shared storage

@jdotcms jdotcms self-assigned this Jan 19, 2018

jgambarios added a commit that referenced this issue May 30, 2018

jgambarios added a commit that referenced this issue May 30, 2018

jgambarios added a commit that referenced this issue May 31, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 5, 2018

jgambarios added a commit that referenced this issue Jun 6, 2018

jgambarios added a commit that referenced this issue Jun 6, 2018

jgambarios added a commit that referenced this issue Jun 6, 2018

@jgambarios

This comment has been minimized.

Contributor

jgambarios commented Jun 7, 2018

PR: #14535

@jgambarios jgambarios assigned jgambarios and unassigned jdotcms Jun 7, 2018

wezell added a commit that referenced this issue Jun 7, 2018

Issue 13451 13453 jwt (#14535)
* #13451 #13453

* #13451 #13453

* #13451 #13453 Removed json.web.token.hash.signing.key property

* #13451 #13453

* Codacy feedback

* #13451 #13453

* #13451 #13453 Unit tests

* #13451 #13453

* #13451 #13453

* #13451 #13453

* #13451 #13453

* #13451 #13453 For the forgot password functionality

* #13451 #13453 More fixes in Unit tests

* Removed import

@jgambarios jgambarios added this to the Cody Current milestone Jun 7, 2018

@bryanboza bryanboza added this to CODY in QA Jun 8, 2018

@bryanboza

This comment has been minimized.

Contributor

bryanboza commented Jun 14, 2018

Fixed, now we are regenerating the token without problems and everything works as expected. Some new improvements on #13451

@bryanboza bryanboza moved this from CODY to Done in QA Jun 14, 2018

@wezell wezell closed this Jun 21, 2018

@bryanboza bryanboza removed this from Done in QA Aug 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment