Project

General

Profile

Actions

Task #1833

closed

Disabled token should logout only original user

Added by Vít Švanda over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Vít Švanda
Category:
Password
Target version:
Start date:
09/03/2019
Due date:
% Done:

100%

Estimated time:
Owner:

Related issues

Related to IdStory Identity Manager - Defect #1988: Login dialog is not shown, when token is disabledClosedRadek Tomiška12/11/2019

Actions
Actions #1

Updated by Vít Švanda over 5 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 0 to 90

Hard, but I found and fixed problems.

Main problems were two:

  • If token is disabled (because logout or some permissions changed), then AUTHORITY_CHANGED exception is throw. On this exception did FE logout the currently logged user. Problem here was in situation, when some request pending (long-polling) and in meantime user made a logout and login as differed user. After original request ended, was throw exception form BE, because token in the request was already disabled (because logout). FE receive the exception and made a logout for new user. I implemented new behavior, when logout of the user is made only if hash of token on FE and in the exception is same (if AUTHORITY_CHANGED exception is returned). I had to add new library on FE for computing SHA1 hash. I extended AUTHORITY_CHANGED exception on BE for return hash of token in this exception.
  • The second problem was in situations where BE returns some response with exception. In this caseses was returned token used as new and setted to the SecurityContext. I modified this behavior and if FE receive response with some HTTP code larger then 400, then I don't make refresh of the token.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/d93dc03581705453990fac5981accfc2b7da61f1

Actions #2

Updated by Radek Tomiška over 5 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 90 to 100

I did test and code review, it works and code is nice, thx!

Actions #3

Updated by Radek Tomiška over 5 years ago

  • Status changed from Resolved to Closed
Actions #4

Updated by Radek Tomiška about 5 years ago

  • Related to Defect #1988: Login dialog is not shown, when token is disabled added
Actions

Also available in: Atom PDF