Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly logout of Wazuh API when logging out of the application #2789

Closed
davidjiglesias opened this issue Jan 19, 2021 · 2 comments
Closed

Properly logout of Wazuh API when logging out of the application #2789

davidjiglesias opened this issue Jan 19, 2021 · 2 comments
Assignees
@gabiwassan
Labels
type/bug Bug issue
Milestone
Sprint 124 - WUI

Comments

@davidjiglesias
Copy link
Member

davidjiglesias commented Jan 19, 2021
edited

Wazuh Elastic Rev
4.0.4 7.9.1/7.9.3 4015

Description
The Kibana APP is not calling DELETE /security/user/authenticate to logout current Wazuh API user and revoke the issued JWT token when logging out of the application.

This causes the JWT token to remain valid and allows to replay a previously-captured request after a user logs out of the application.

Regards,

David J. Iglesias
@frankeros frankeros added this to the Sprint 124 - WUI milestone Feb 1, 2021
@gabiwassan gabiwassan self-assigned this Feb 10, 2021
@gabiwassan gabiwassan mentioned this issue Feb 12, 2021
Merged
@gabiwassan
Copy link
Contributor

Working on this issue on this PR

@gabiwassan
Copy link
Contributor

Working on this issue on this PR

PR on revision. For the moment only work for Open Distro on an explicit logout

@gabiwassan gabiwassan mentioned this issue Feb 24, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gabiwassan gabiwassan

Labels
type/bug Bug issue
Projects
None yet
Milestone
Sprint 124 - WUI
Development

No branches or pull requests
3 participants
@gabiwassan @frankeros @davidjiglesias