
Deleted user successfully signs in using JWT #615

Closed
abhisekp opened this Issue Dec 7, 2017 · 4 comments


abhisekp commented Dec 7, 2017

Steps to reproduce

  1. Create a user
  2. Create an auth token
  3. Delete the user
  4. Create another user with the exact same details as the previous user (probably doesn't matter)
  5. Try to authenticate with the previous auth token

Expected behavior

The deleted user should not be able to access resources and should throw on authentication.

Actual behavior

The deleted user is given an authorization token and the user object is filled with an empty object.

daffl (Member) commented Dec 7, 2017

I'm not seeing how a token with the userId of a deleted user would not throw an error after trying to populate the entity.

daffl (Member) commented Dec 21, 2017

As long as the id changes, it should still fail. There was a mistake in the authentication hooks of the latest application which has been fixed via feathersjs/generator-feathers#325 so I'm going to close this.

daffl closed this Dec 21, 2017

abhisekp (Author) commented Jan 19, 2018

Is the issue fixed i.e. a deleted user should not be populated with an empty object and should throw on authentication?

daffl (Member) commented Jan 19, 2018

That issue is #392 which I'm also planning on taking on soon.
