fix(jwt): Whitelist encoded JWT attributes #3090

Closed
wants to merge 1 commit into from

@Tirokk Tirokk commented Oct 5, 2020

roschaefer Authored by roschaefer
Feb 18, 2020
Merged Feb 18, 2020


This will prevent unintentional encoding of users' email addresses in the
JWT.

@steffi201028 this might be interesting for you as well.

🍰 Pullrequest

Issues

Todo

  • None


Tirokk commented Oct 7, 2020

roschaefer Authored by roschaefer
Feb 18, 2020


I don't know but maybe that might also fix our stalling builds. After all, we encode the entire user object in our cypress tests @mattwr18


Tirokk commented Oct 7, 2020

cypress[bot] Authored by cypress[bot]
Feb 18, 2020




Test summary

61 0 0 0


Run details

Project Human-Connection
Status Passed
Commit 8e51a0e59a
Started Feb 18, 2020 11:07 AM
Ended Feb 18, 2020 11:18 AM
Duration 11:26 💡
OS Linux Ubuntu Linux - 16.04
Browser Electron 78



This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

}
})

it('encodes a valided JWT bearer token', () => {

mattwr18 Authored by mattwr18
Feb 18, 2020


Outdated (history rewrite) - original diff


@@ -0,0 +1,62 @@
+import encode from './encode'
+import jwt from 'jsonwebtoken'
+import CONFIG from './../config'
+
+describe('encode', () => {
+  let payload
+  beforeEach(() => {
+    payload = {
+      name: 'Some body',
+      slug: 'some-body',
+      id: 'some-id',
+    }
+  })
+
+  it('encodes a valided JWT bearer token', () => {
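Review bot: the `beforeEach` payload holds only `name`, `slug` and `id`, so as far as the lines shown here go, nothing exercises the case this PR is about: an attribute such as the user's email being passed to `encode` and left out of the token. Consider a case that adds an `email` key to the payload and asserts that the decoded token does not contain it, which would pin the whitelist down. The test name 'encodes a valided JWT bearer token' should also read 'valid'.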
Suggested change
it('encodes a valided JWT bearer token', () => {
it('encodes a valid JWT bearer token', () => {

normally, I would suggest this change, but with the build server so difficult to get passing, I think we can make this change some other time

@Mogge Mogge closed this Oct 8, 2020
@ulfgebhardt ulfgebhardt deleted the pr3090head branch January 7, 2021 04:17
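The whitelisting this pull request describes, shown as an added example that is not the project's code: a JWT payload is only base64url-encoded, so any attribute passed to the encoder is readable by whoever holds the token. The whitelist (`id`, `name`, `slug`, taken from the test payload above), the secret, the function names and the sample user are assumptions.

```javascript
// Added example, not the project's code. Uses only Node's built-in crypto
// so it runs offline; a real service would sign with a JWT library.
const crypto = require('node:crypto')

// Assumed whitelist: the three fields used by the test payload in this PR.
const ALLOWED_CLAIMS = ['id', 'name', 'slug']
const SECRET = 'constructed-demo-secret' // placeholder, not a real key

const b64url = (value) => Buffer.from(value).toString('base64url')

function sign(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = b64url(JSON.stringify(claims))
  const mac = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest('base64url')
  return `${header}.${body}.${mac}`
}

// Copy only whitelisted keys; everything else on the user object is dropped.
function pickClaims(user) {
  const claims = {}
  for (const key of ALLOWED_CLAIMS) {
    if (Object.prototype.hasOwnProperty.call(user, key)) claims[key] = user[key]
  }
  return claims
}

const encodeWhole = (user) => sign({ ...user }, SECRET) // before: whole object
const encodeWhitelisted = (user) => sign(pickClaims(user), SECRET) // after

// What any holder of the token can read: the payload is base64url, not encrypted.
function readPayloadWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'))
}

// Check the HMAC in constant time, then return the claims.
function verify(token, secret) {
  const [header, body, mac] = token.split('.')
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest()
  const given = Buffer.from(mac || '', 'base64url')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature')
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'))
}

// Constructed sample user record.
const user = { id: 'some-id', name: 'Some body', slug: 'some-body', email: 'user@example.org' }
console.log(readPayloadWithoutKey(encodeWhole(user))) // includes email
console.log(readPayloadWithoutKey(encodeWhitelisted(user))) // id, name, slug only
```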