feat: Rewrite of session-based securitykeys #764
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a draft for solving the problem of one session-based securitykey, making multiple requests in parallel impossible. - a new securitykey is created every time it is requested - securitykeys are bound to a session, if `session`-flag is True (default) - unused securitykeys from a session are either being dropped by session or when they became invalid - Entire code refactoring for both securitykey and session module - This pull request partly replaces viur-framework#704
ArneGudermann
requested changes
Jun 13, 2023
There was a problem hiding this comment.
Hey @phorward thank you for this PR. I have a littel suggetion. Can you please take a look.
Co-authored-by: agudermann <47318461+ArneGudermann@users.noreply.github.com>
sveneberth
requested changes
Jun 16, 2023
core/securitykey.py
Outdated
| return True | ||
|
|
||
| elif session.validateSecurityKey(key): | ||
| if session and key == "staticSessionKey": |
There was a problem hiding this comment.
Can we please introduce a constant for this?
e.g.
STATIC_KEY = "staticSessionKey"(without "session", bc if you do import session from viur.core and do session.STATIC_KEY, "session" would be redundant otherwise)
Suggested change
| if session and key == "staticSessionKey": | |
| if session and key == STATIC_KEY: |
There was a problem hiding this comment.
0bfc59e cleans up the use of the static session key and its naming.
There was a problem hiding this comment.
But things got mixed up here.
SECURITYKEY_STATIC now contains the header name. The static key for the session skey, which was previously "staticSessionKey", is now also the header name "Sec-X-ViUR-StaticSessionKey". This is btw. a breaking change...
Co-authored-by: Sven Eberth <mail@sveneberth.de>
…ore into feat-securitykey.rewrite
phorward
added
feature
- removed duration flag - added amount flag - batch-mode only possible for authenticated users
phorward
commented
Jun 23, 2023
+ updated the security key documentation
akelch
approved these changes
Jun 27, 2023
Closed
sveneberth
added a commit
to sveneberth/viur-core
that referenced
this pull request
Nov 26, 2023
Resolve viur-framework#796 as follow-up of viur-framework#764
phorward
pushed a commit
that referenced
this pull request
Dec 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a draft for solving the problem of one session-based securitykey, making multiple requests in parallel impossible. This pull request partly replaces #704.
Features:
session-flag is True (default)/json/skey' acceptsamount`-flag for batch-mode skey requesting (decreases amount of requests)