fix: force authenticate on login #1347

Merged
merged 3 commits into from Jun 13, 2019

@juanpicado (Member) commented Jun 12, 2019

Type: bug

The following has been addressed in the PR:

  • There is a related issue? No
  • Unit or Functional tests are included in the PR Yes

Description:

When a user has a valid token and tries to log in with other credentials (even if they are invalid), the endpoint returns 201. Only if there was a previous successful login.

The reason was if another user logged in previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid.

We must check credentials again and return a new token; if the credentials are wrong, we reject the login. Furthermore, the new token will update the list of groups.

@juanpicado juanpicado requested review from DanielRuf and a team June 12, 2019 07:14
@juanpicado juanpicado requested review from ayusharma and a team June 12, 2019 07:17
When a user has a valid token and tries to log in with other credentials, the endpoint returns 201.

The reason was if another user logged in previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid.

We must check credentials again and return a new token; if the credentials are wrong, we reject the login. Furthermore, the new token will update the list of groups.
@juanpicado juanpicado merged commit 85c1bd1 into master Jun 13, 2019
@delete-merged-branch delete-merged-branch bot deleted the fix-adduser-token branch June 13, 2019 04:58
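
The behaviour described in this PR, modelled as an added example (not Verdaccio's code and not part of the thread): `loginBefore` accepts any login request that carries a still-valid token, while `loginAfter` always re-checks the submitted credentials and issues a fresh token with the current groups. The user store, the function names and the 401 rejection status are assumptions for illustration; only the 201 status comes from the description above.

```javascript
// Added illustration, not Verdaccio's code; all names here are hypothetical.
const nodeCrypto = require('crypto');

// Constructed sample users (plaintext passwords only to keep the demo short).
const users = new Map([
  ['alice', { password: 'alice-pw', groups: ['alice', 'admins'] }],
  ['bob', { password: 'bob-pw', groups: ['bob'] }],
]);
const tokens = new Map(); // token -> { name, groups }

const sha256 = (s) => nodeCrypto.createHash('sha256').update(String(s)).digest();

// Returns the identity for a correct name/password pair, otherwise null.
function checkCredentials(name, password) {
  const user = users.get(name);
  if (!user) return null;
  // Compare fixed-length digests so timingSafeEqual never sees unequal sizes.
  const ok = nodeCrypto.timingSafeEqual(sha256(password), sha256(user.password));
  return ok ? { name, groups: [...user.groups] } : null;
}

function issueToken(identity) {
  const token = nodeCrypto.randomBytes(16).toString('hex');
  tokens.set(token, identity);
  return token;
}

// "Before": a valid stored token short-circuits the login, so the name and
// password in the request body are never verified.
function loginBefore(req) {
  if (tokens.has(req.token)) {
    return { status: 201, token: req.token };
  }
  return loginAfter(req);
}

// "After": the submitted credentials are always authenticated. The stored
// token is ignored and a new token with the current group list is returned.
function loginAfter(req) {
  const identity = checkCredentials(req.name, req.password);
  if (!identity) return { status: 401 }; // assumed rejection status
  return { status: 201, token: issueToken(identity) };
}
```
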

lock bot commented Jun 29, 2019

🤖This thread has been automatically locked 🔒 since there has not been any recent activity after it was closed.
We lock tickets after 90 days with the idea to encourage you to open a ticket with new fresh data and to provide you better feedback 🤝and better visibility 👀.
If you consider, can attach this ticket 📨to the new one as a reference for better context.
Thanks for being a part of the Verdaccio community! 💘

@lock lock bot locked as resolved and limited conversation to collaborators Jun 29, 2019