This repository was archived by the owner on Mar 10, 2023. It is now read-only.
Check cookie exists and subject on cookie before using #624
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We were checking if we had a cookie, but not then checking if it was not empty, and the subject was not empty before using it for redirecting to the user's dashboard (If they navigated to / or /dashboard) Tested by deploying new dashboard, deleting cookie, setting cookie to empty string etc. All returned no error (but did show 401 not authorized) Signed-off-by: Alistair Hey <[email protected]>
5 tasks
Waterdrips
added a commit
to Waterdrips/ofc-bootstrap
that referenced
this pull request
Apr 26, 2020
The env var for cookie_root_domain was missing from the system_dashboard deployment, this meant when users with OAuth enabled did not get their token removed when clicking logout. see openfaas/openfaas-cloud#623 see openfaas/openfaas-cloud#624 This was tested by updating an existing deployment with the new setting and logging out, the cookie was removed and the oauth flow was triggered to gain a new token Signed-off-by: Alistair Hey <[email protected]>
alexellis
pushed a commit
to openfaas/ofc-bootstrap
that referenced
this pull request
May 11, 2020
The env var for cookie_root_domain was missing from the system_dashboard deployment, this meant when users with OAuth enabled did not get their token removed when clicking logout. see openfaas/openfaas-cloud#623 see openfaas/openfaas-cloud#624 This was tested by updating an existing deployment with the new setting and logging out, the cookie was removed and the oauth flow was triggered to gain a new token Signed-off-by: Alistair Hey <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
We were checking if we had a cookie, but not then checking if it was not
empty, and the subject was not empty before using it for redirecting to
the user's dashboard (If they navigated to / or /dashboard)
Fixes #623
How Has This Been Tested?
Tested by deploying new dashboard, deleting cookie, setting cookie to
empty string etc. All returned no error (but did show 401 not
authorized)
Signed-off-by: Alistair Hey [email protected]
How are existing users impacted? What migration steps/scripts do we need?
This is an edge-case which i was not able to replicate. New deployment of the dashboard to get the latest fix.
Checklist:
I have:
git commit -s