Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT token not expiring in provided expiryTime (1 day) #135

Open
adi-g15 opened this issue Apr 25, 2021 · 3 comments
Open

JWT token not expiring in provided expiryTime (1 day) #135

adi-g15 opened this issue Apr 25, 2021 · 3 comments
Labels
bug Something isn't working help wanted Extra attention is needed moderate This issue is moderately difficult

Comments

@adi-g15
Copy link

adi-g15 commented Apr 25, 2021

Describe the bug 馃悰
In auth.service.js, the JWT token is issued and it's expiry is set to be 1 day, but even after a day, the person with the old token is still able to modify profile data.

To Reproduce 馃攳
Steps to reproduce the behavior:

  1. Try to change your account info after a day (ie. after expiryTime of token)
  2. Able to modify profile data

Expected behaviour 馃悵
Instead, one must not be able to modify account data, even after JWT token should have expired

Desktop (please complete the following information): 馃捇

  • Windows 10
  • Firefox
  • 88.0

Additional context 馃摑
Related code where we create the JWT token is in:

pbchess/server/src/services/auth.service.js

Lines 28 to 43 in 42ccc48

const issueJWT = (user, expiry='1d') => {
const { _id } = user;
const expiresIn = expiry;
const payload = {
id: _id,
iat: Date.now()
};
const signedToken = jsonwebtoken.sign(payload, PRIV_KEY, { expiresIn: expiresIn, algorithm: 'RS256' });
return {
token: 'Bearer ' + signedToken,
expires: expiresIn
}
}

@fave77 fave77 added bug Something isn't working gssoc21 Exclusive to GSSoC participants help wanted Extra attention is needed Level2 Bug fixing, adding small features (25 points for GSSoC'21) moderate This issue is moderately difficult labels Apr 25, 2021
@subhangi2731
Copy link

please assign me this issue

@subhangi2731
Copy link

@fave77 please assign me I can work on this

@adi-g15
Copy link
Author

adi-g15 commented May 15, 2021

@subhangi2731 You are already assigned to #22. Same person will not be assigned multiple issues as of now.

@fave77 fave77 removed Level2 Bug fixing, adding small features (25 points for GSSoC'21) gssoc21 Exclusive to GSSoC participants labels Jun 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed moderate This issue is moderately difficult
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fave77 @adi-g15 @subhangi2731