Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Infinite authentication loop #1622

Merged
merged 1 commit into from
Jun 11, 2024
Merged

fix: Infinite authentication loop #1622

merged 1 commit into from
Jun 11, 2024

Conversation

MoritzWeber0
Copy link
Member

When the refresh token was expired, the backend sent the error "TOKEN_SIGNATURE_EXPIRED". The frontend did then request a new refresh token, leading to an infinite loop and a DDOS attack on our backend.

The error was accidentially added in #1569.

@codecov Codecov
Copy link

codecov bot commented Jun 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 80.66%. Comparing base (27e5007) to head (a1a0314).
Report is 127 commits behind head on main.

Files with missing lines Patch % Lines
...nd/capellacollab/core/authentication/basic_auth.py 0.00% 1 Missing ⚠️
...acollab/core/authentication/provider/oauth/flow.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1622      +/-   ##
==========================================
+ Coverage   80.64%   80.66%   +0.01%     
==========================================
  Files         185      185              
  Lines        6029     6035       +6     
  Branches      675      675              
==========================================
+ Hits         4862     4868       +6     
  Misses       1021     1021              
  Partials      146      146

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@MoritzWeber0
fix: Infinite authentication loop
a1a0314 
When the refresh token was expired, the backend sent the error
"TOKEN_SIGNATURE_EXPIRED". The frontend did then request a new refresh token,
leading to an infinite loop and a DDOS attack on our backend.

The error was accidentially added in #1569.
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jun 11, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@MoritzWeber0 MoritzWeber0 merged commit 287eaf0 into main Jun 11, 2024
28 of 29 checks passed
@MoritzWeber0 MoritzWeber0 deleted the fix-authentication-loop branch June 11, 2024 15:25
@MoritzWeber0 MoritzWeber0 mentioned this pull request Jun 13, 2024
Merged
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MoritzWeber0