Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserMod updates when user logs in, invalidates JWT cookie #18101

Closed
wezell opened this issue Mar 5, 2020 · 3 comments
Closed

UserMod updates when user logs in, invalidates JWT cookie #18101

wezell opened this issue Mar 5, 2020 · 3 comments
Assignees
@jdotcms
Labels
Changelog: Documented Doc : Needs Doc Merged QA : Approved QA : Passed Internal Release : 5.2.8 Type : Defect

Comments

@wezell
Copy link
Contributor

wezell commented Mar 5, 2020

When a user logs in we update the user record with the last login date and clear the failed logins, etc.

What happens is that our JWT cookie implementation checks that the JWT cookie is NEWER than the last user mod date, which is now invalid.

It looks like this:

  1. User logs in
  2. Login Success, dotCMS sends an access cookie with modDate = now()
  3. dotCMS update user record with login success which changes the user.modDate = now()
  4. DB commits
  5. access cookie is now older than user.modDate
wezell added a commit that referenced this issue Mar 5, 2020
@wezell
#18101 testing cluster
d7fa6bb
wezell added a commit that referenced this issue Mar 5, 2020
@wezell
#18101 testing cluster
70b7647
wezell added a commit that referenced this issue Mar 10, 2020
@wezell
#18101 prevent logout
6eac6c1
@wezell wezell added this to the Bug Sprint milestone Mar 10, 2020
@jdotcms jdotcms self-assigned this Mar 10, 2020
jdotcms added a commit that referenced this issue Mar 11, 2020
@jdotcms
#18101 adding the skinid as mark check for the jwt user validation
7042c52
jdotcms added a commit that referenced this issue Mar 12, 2020
@jdotcms
#18101 adding a web service to revoke user api token and fixes
2490673
jdotcms added a commit that referenced this issue Mar 12, 2020
@jdotcms
#18101 adding web services for api token and role/layout
138f04e
jdotcms added a commit that referenced this issue Mar 12, 2020
@jdotcms
#18101 Adding resources to handle CRUD over the role layouts
20ca93a
jdotcms added a commit that referenced this issue Mar 12, 2020
@jdotcms
#18101 added unit test to test diff scenarios on UserPersistance
798764e
jdotcms added a commit that referenced this issue Mar 12, 2020
@jdotcms
#18101 Adding fixes and unit test
908f741
jdotcms added a commit that referenced this issue Mar 13, 2020
@jdotcms
#18101 adding an unit test
6999f66
jdotcms added a commit that referenced this issue Mar 13, 2020
@jdotcms
#18101 adding a new remember me token method to the user
154ca36
jdotcms added a commit that referenced this issue Mar 13, 2020
@jdotcms
#18101 renaming a method
51c1d3f
jdotcms added a commit that referenced this issue Mar 17, 2020
@jdotcms
#18101 refactor, fixes and unit test
b9de60c
@jdotcms
Copy link
Contributor

jdotcms commented Mar 17, 2020

PR

@erickgonzalez
Copy link
Contributor

This issue probably needs the label Needs Doc since a new Resource was created.

jdotcms added a commit that referenced this issue Mar 18, 2020
@jdotcms
#18101 adding fixes for the codacy feedback and some unit test fixes
00288f3
jdotcms added a commit that referenced this issue Mar 18, 2020
@jdotcms
#18101 fixing unit test
77d7159
jdotcms added a commit that referenced this issue Mar 18, 2020
@jdotcms
#18101 part of the review check
4d85b78
fmontes pushed a commit that referenced this issue Mar 23, 2020
@jdotcms
#18101 UserMod updates when user logs in, invalidates JWT cookie
68e4518
@fmontes fmontes added the Merged label Mar 23, 2020
jdotcms added a commit that referenced this issue Mar 23, 2020
@jdotcms
#18101 UserMod updates when user logs in, invalidates JWT cookie
197c7c2
@jdotcms jdotcms mentioned this issue Mar 30, 2020
Closed
@bryanboza
Copy link
Member

Fixed, new card created in order to add the postman tests here #18213

@fmontes fmontes closed this as completed Mar 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jdotcms jdotcms

Labels
Changelog: Documented Doc : Needs Doc Merged QA : Approved QA : Passed Internal Release : 5.2.8 Type : Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@fmontes @wezell @bryanboza @erickgonzalez @john-thomas-dotcms @jdotcms @hmoreras