fix JWT verification #18957

Merged
merged 1 commit into from
Oct 19, 2023
@akosyakov akosyakov commented Oct 19, 2023

Description

Summary generated by Copilot

🤖 Generated by Copilot at 5f331ca

Refactor session handling logic in server component. Simplify code by reusing subject variable in session-handler.ts.

Related Issue(s)

Fixes #

How to test

Documentation

Preview status

gitpod:summary

Build Options

Build
  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer
  • analytics=segment
  • with-dedicated-emulation
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • with-monitoring

/hold

@@ -113,7 +113,7 @@ export class SessionHandler {
if (!subject) {
throw new Error("Subject is missing from JWT session claims");
}
return await this.userService.findUserById(claims.subject, claims.subject);
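
Review bot: the return line looks the user up with claims.subject, while the guard just above it tests the local subject; pass the checked variable to the call (`findUserById(subject, subject)`) so the value that was tested is the value used for the lookup. The guard only rejects a missing subject, so a format check on the id before the lookup and a test using session claims without a subject would cover the path this hunk touches. The PR description calls this a refactor while the title says it fixes JWT verification; the description should state which behaviour changes.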
Contributor

Should we check that userId is a correct UUID inside the function too?

Member Author

Yeah, I think we need to add more guards and tests afterwards, but we need to fix the state on main too.

@akosyakov
Member Author

/unhold

@roboquat roboquat merged commit 90c3541 into main Oct 19, 2023
@roboquat roboquat deleted the ak/fix_jwt_verify branch October 19, 2023 13:24
akosyakov added a commit that referenced this pull request Oct 19, 2023
roboquat pushed a commit that referenced this pull request Oct 19, 2023
* Revert "fix JWT verification (#18957)"

This reverts commit 90c3541.

* Revert "[public-api] add rate limiting in server (#18953)"

This reverts commit 01f100b.