Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KZL-508 - auth:refreshToken #1265

Merged
merged 32 commits into from Mar 25, 2019

Conversation

@benoitvidis
Copy link
Member

commented Mar 19, 2019

⚠️ depends on #1267

What does this PR do ?

This PR adds a new refreshToken action to the auth controller.

Given a valid JWT, the action invalidates the given JWT and provides a new fresh token.
NB: The given jwt is expired only after a grace period to let concurrent client requests end up successfully during the refresh.

@benoitvidis benoitvidis force-pushed the feature/auth-refresh branch from 93db521 to 2fb3746 Mar 19, 2019

@scottinet

This comment has been minimized.

Copy link
Member

commented Mar 19, 2019

I've put the "do not merge" tag temporarily: we need to fix 2 bugs before this PR can be merged and make its way into production (I'm on it, PRs should be submitted real soon)

@codecov-io

This comment has been minimized.

Copy link

commented Mar 19, 2019

Codecov Report

Merging #1265 into 1-dev will increase coverage by 0.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##            1-dev    #1265      +/-   ##
==========================================
+ Coverage   93.83%   93.85%   +0.01%     
==========================================
  Files          98       98              
  Lines        6749     6767      +18     
==========================================
+ Hits         6333     6351      +18     
  Misses        416      416
Impacted Files Coverage Δ
lib/config/httpRoutes.js 100% <ø> (ø) ⬆️
lib/api/core/models/security/token.js 100% <100%> (ø) ⬆️
lib/api/core/auth/tokenManager.js 90.56% <100%> (+0.98%) ⬆️
lib/api/controllers/authController.js 95.68% <100%> (+0.4%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 30c819e...7ebdd0d. Read the comment docs.

@Aschen

Aschen approved these changes Mar 19, 2019

@scottinet scottinet removed the do-not-merge label Mar 19, 2019

scottinet added some commits Mar 19, 2019

I cannot review this PR anymore since I've now worked on it.

@scottinet scottinet requested a review from Aschen Mar 20, 2019

@alexandrebouthinon
Copy link
Member

left a comment

Nice job! 👍

scottinet added some commits Mar 21, 2019

@scottinet scottinet self-assigned this Mar 22, 2019

@Aschen

Aschen approved these changes Mar 22, 2019

scottinet and others added some commits Mar 22, 2019

@jenow

jenow approved these changes Mar 25, 2019

@scottinet scottinet merged commit 5849b70 into 1-dev Mar 25, 2019

5 checks passed

LGTM analysis: JavaScript No new or fixed alerts
Details
codecov/project 93.85% (+0.01%) compared to 30c819e
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
sonarqube SonarQube reported no issues

@scottinet scottinet deleted the feature/auth-refresh branch Mar 25, 2019

@scottinet scottinet referenced this pull request Mar 26, 2019

Merged

Release 1.7.0 #1274

scottinet added a commit that referenced this pull request Mar 26, 2019

Merge pull request #1274 from kuzzleio/1.7.0-proposal
# [1.7.0](https://github.com/kuzzleio/kuzzle/releases/tag/1.7.0) (2019-03-26)


#### Bug fixes

- [ [#1263](#1263) ] Change start sequence for mappings, fixtures and securities   ([Aschen](https://github.com/Aschen))
- [ [#1269](#1269) ] Fix aggregations for the security:searchXxx API routes   ([jenow](https://github.com/jenow))
- [ [#1267](#1267) ] Fix the "IsAuthenticated" assertion   ([scottinet](https://github.com/scottinet))
- [ [#1266](#1266) ] Fix controllers action leak   ([scottinet](https://github.com/scottinet))

#### New features

- [ [#1265](#1265) ] KZL-508 - auth:refreshToken   ([benoitvidis](https://github.com/benoitvidis), [scottinet](https://github.com/scottinet))

#### Enhancements

- [ [#1245](#1245) ] KZL-1005 -  Add method to use request context in SDK queries   ([Aschen](https://github.com/Aschen))
- [ [#1255](#1255) ] Add loading of fixtures mappings securities admin controller   ([Aschen](https://github.com/Aschen))
- [ [#1259](#1259) ] [http] Allow configuration of CORS methods & headers   ([benoitvidis](https://github.com/benoitvidis))
- [ [#1250](#1250) ] Make "collection:getSpecifications" error messages meaningful   ([scottinet](https://github.com/scottinet))

#### Others

- [ [#1271](#1271) ] [ci] Optimize build time and number of runners   ([alexandrebouthinon](https://github.com/alexandrebouthinon))
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.