Add expiration time limit #1413

Merged
merged 9 commits into from
Apr 19, 2024

iamacook
Member

@iamacook iamacook commented Apr 16, 2024

Summary

This adds a 15 minute limit for the validity period of JWT tokens. (It is currently hardcoded, but will eventually be injected.)

Changes

  • Change the SiweMessageSchema to a function that accepts a validity period.
  • Pass a value to getSiweMessageSchema in VerifyAuthMessageDto.
  • Add test case, as well as update existing tests.
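The limit described in this summary, sketched as an added example that is not code from this pull request or the project. The helper name `getExpirationTimeValidator`, the injectable `now` clock, the inclusive boundary and the rejection of a missing expiration time are all assumptions made for illustration.

```typescript
// Added illustration; not the project's implementation.
type ExpiryCheck = { ok: true; expiresAt: Date } | { ok: false; reason: string };

const MAX_VALIDITY_PERIOD_IN_MS = 15 * 60 * 1_000; // 15 minutes, as in the PR

// Hypothetical helper: returns a validator bound to a validity period.
// `now` is injectable so boundary cases can be tested with a frozen clock.
function getExpirationTimeValidator(
  maxValidityPeriodInMs: number,
  now: () => number = Date.now,
): (expirationTime: unknown) => ExpiryCheck {
  return (expirationTime) => {
    // Assumption: a message without an expiration time is rejected,
    // otherwise omitting the field would sidestep the limit.
    if (typeof expirationTime !== 'string') {
      return { ok: false, reason: 'expirationTime is required' };
    }
    const expiresAtMs = Date.parse(expirationTime);
    if (Number.isNaN(expiresAtMs)) {
      return { ok: false, reason: 'expirationTime is not a valid datetime' };
    }
    const current = now();
    if (expiresAtMs <= current) {
      return { ok: false, reason: 'message has already expired' };
    }
    // Assumption: the boundary is inclusive (exactly 15 minutes is accepted).
    if (expiresAtMs - current > maxValidityPeriodInMs) {
      return { ok: false, reason: 'expirationTime exceeds the maximum validity period' };
    }
    return { ok: true, expiresAt: new Date(expiresAtMs) };
  };
}

// Constructed sample inputs, evaluated against a frozen clock.
const FROZEN_NOW = Date.parse('2024-04-16T10:00:00.000Z');
const validate = getExpirationTimeValidator(MAX_VALIDITY_PERIOD_IN_MS, () => FROZEN_NOW);
const iso = (offsetMs: number): string => new Date(FROZEN_NOW + offsetMs).toISOString();

function runSamples(): Record<string, boolean> {
  return {
    fiveMinutes: validate(iso(5 * 60_000)).ok,
    exactlyAtLimit: validate(iso(MAX_VALIDITY_PERIOD_IN_MS)).ok,
    oneMsOverLimit: validate(iso(MAX_VALIDITY_PERIOD_IN_MS + 1)).ok,
    alreadyExpired: validate(iso(-1)).ok,
    missing: validate(undefined).ok,
  };
}
console.log(runSamples());
```

Binding the clock at construction time is what makes the "exactly at the limit" and "one millisecond over" cases deterministic.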

@iamacook iamacook self-assigned this Apr 16, 2024
@iamacook iamacook marked this pull request as ready for review April 16, 2024 09:59
@iamacook iamacook requested a review from a team as a code owner April 16, 2024 09:59
@coveralls

coveralls commented Apr 16, 2024

Pull Request Test Coverage Report for Build 8741272486

Details

  • 9 of 9 (100.0%) changed or added relevant lines in 2 files are covered.
  • 3 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-0.05%) to 93.086%

Files with Coverage Reduction | New Missed Lines | %
src/routes/transactions/entities/tests/human-description.builder.ts | 3 | 60.0%

Totals (Coverage Status)
Change from base Build 8722902980: -0.05%
Covered Lines: 6809
Relevant Lines: 7065

💛 - Coveralls

Base automatically changed from cookie-auth to main April 17, 2024 13:35
@@ -2,10 +2,18 @@ import { siweMessageBuilder } from '@/domain/siwe/entities/__tests__/siwe-messag
import { VerifyAuthMessageDtoSchema } from '@/routes/auth/entities/verify-auth-message.dto.entity';
import { faker } from '@faker-js/faker';

const MAX_VALIDITY_PERIOD_IN_MS = 15 * 60 * 1_000; // 15 minutes

describe('VerifyAuthMessageDto', () => {
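
Review bot: MAX_VALIDITY_PERIOD_IN_MS at the top of this spec is a separate copy of the 15 minute limit rather than an import, so if the value hardcoded for VerifyAuthMessageDto changes (the description says it will later be injected), the spec either keeps asserting against the old number or fails for an unrelated reason. Take the constant from one shared place, or build the schema under test with an explicit value, and with the clock frozen add cases for an expiration time exactly at the limit and one millisecond past it.
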
Member

Maybe I'm not getting it 100% right here, but I'm wondering whether we should also call jest.useFakeTimers here (as in the AuthController tests) or not, to make sure the edge cases (faker returning threshold dates) don't make the tests flaky.

Member Author

That's true. I've adjusted it to include fake timers in 8fdb401.

@hectorgomezv hectorgomezv self-requested a review April 18, 2024 15:46
Member

@hectorgomezv hectorgomezv left a comment

I've only left a small doubt/comment, but overall it looks good to me 👏🏻

@iamacook iamacook merged commit 618689c into main Apr 19, 2024
16 checks passed
@iamacook iamacook deleted the auth-expiration-limit branch April 19, 2024 06:55
fmrsabino pushed a commit that referenced this pull request Apr 19, 2024
Adds a 15 minute limit for the validity period of JWT tokens. (It is currently hardcoded, but will eventually be injected.):

- Change the `SiweMessageSchema` to a function that accepts a validity period.
- Pass a value to `getSiweMessageSchema` in `VerifyAuthMessageDto`.
- Add test case, as well as update existing tests.