Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance endpoint security for /api/v1/users/sign_in with randomization #6207

Open
3 tasks
7riumph opened this issue Feb 1, 2025 · 0 comments · May be fixed by #6216
Open
3 tasks

Enhance endpoint security for /api/v1/users/sign_in with randomization #6207

7riumph opened this issue Feb 1, 2025 · 0 comments · May be fixed by #6216
Labels
codethechange for codethechange developers

Comments

@7riumph
Copy link
Collaborator

7riumph commented Feb 1, 2025
edited
Loading

Part of epic #3942

What type of user does this affect?

  • volunteers

How should it operate? ⚙️🛠️

Endpoint can now output randomized token and refresh_token on successful /api/v1/sign_in request.

Additionally, since tokens now expire, user model has token_expires_at and refresh_token_expires_at datetimes.

Acceptance Criteria

  • Expands the user model to handle both the token and refresh token, as well as their expiration times.
  • Creates functions to generate randomized tokens in user.rb and set default expiration to 7 hours and 30 days
  • Updates session controller and base controller with new details if applicable

Helpful Links
@7riumph 7riumph mentioned this issue Feb 1, 2025
Open
20 tasks
@7riumph 7riumph changed the title Enhance users token security for /api/v1/sign_in Enhance users token security for /api/v1/sign_in with JWT Feb 3, 2025
@7riumph 7riumph changed the title Enhance users token security for /api/v1/sign_in with JWT Enhance users token security for /api/v1/sign_in with JWT token Feb 3, 2025
@7riumph 7riumph changed the title Enhance users token security for /api/v1/sign_in with JWT token Enhance endpoint security for /api/v1/sign_in with JWT tokens Feb 3, 2025
@7riumph 7riumph added the codethechange for codethechange developers label Feb 3, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/sign_in with JWT tokens Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Feb 4, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Enhance endpoint security for /api/v1/users/sign_in with refresh tokens Feb 5, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with refresh tokens Enhance endpoint security for /api/v1/users/sign_in with refresh_tokens Feb 5, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with refresh_tokens Enhance endpoint security for /api/v1/users/sign_in with randomization Feb 5, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with randomization Enhance endpoint security for /api/v1/users/sign_in Feb 5, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in Enhance endpoint security for /api/v1/users/sign_in with randomization Feb 6, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with randomization Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Feb 6, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Enhance endpoint security for /api/v1/users/sign_in with with JWT tokens Feb 6, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with with JWT tokens Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Feb 6, 2025
@7riumph 7riumph changed the title Enhance endpoint security for /api/v1/users/sign_in with JWT tokens Enhance endpoint security for /api/v1/users/sign_in with randomization Feb 6, 2025
@7riumph 7riumph linked a pull request Feb 6, 2025 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
codethechange for codethechange developers
Projects
CASA Volunteer Portal
Status: Todo
Milestone
No milestone
2 participants
@7riumph @xihai01