- Notifications
You must be signed in to change notification settings - Fork631
fix: session creation - checking tenant for user#1063
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:9.3
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
build.gradle Outdated
| //} | ||
| version="9.2.3" | ||
| version="9.2.4" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
should be 9.3.1 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
coreDriverInterfaceSupported.json Outdated
| "5.0", | ||
| "5.1" | ||
| "5.1", | ||
| "5.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Needs updating ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
CHANGELOG.md Outdated
| - Adds support for CDI 5.2 | ||
| - In CDI 5.2, when creating a new session for a known user, checks if the user is a member of that tenant. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Should be 5.3 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
| importio.supertokens.storageLayer.StorageLayer; | ||
| importio.supertokens.useridmapping.UserIdMapping; | ||
| importio.supertokens.useridmapping.UserIdType; | ||
| importio.supertokens.utils.SemVer; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
we avoid using SemVer in this layer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
| @NonnullJsonObjectuserDataInDatabase, | ||
| booleanenableAntiCsrf,AccessToken.VERSIONversion, | ||
| booleanuseStaticKey) | ||
| booleanuseStaticKey,SemVersemVer) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Instead of passing semVer here, pass a boolean that indicates whether to check the user tenant or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
| recipeUserId =userIdMappings.get(recipeUserId); | ||
| } | ||
| if(semVer!=null &&semVer.greaterThanOrEqualTo(SemVer.v5_2)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
simply use a boolean whether to do this check or not
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
CHANGELOG.md Outdated
| - Adds support for CDI 5.2 | ||
| - In CDI 5.2, when creating a new session for a known user, checks if the user is a member of that tenant. | ||
| If not, returns UNAUTHORISED. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I don't think UNAUTHORISED is the right thing to return here. You may want to add a different status like USER_DOES_NOT_BELONG_TO_TENANT_ERROR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
CHANGELOG.md Outdated
| CREATEINDEXoauth_logout_challenges_time_created_indexON oauth_logout_challenges(time_createdASC, app_idASC); | ||
| ``` | ||
| >>>>>>>origin/master |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
merge error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
it is. Sorry I missed this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
| super.sendJsonResponse(200,result,resp); | ||
| }catch (AccessTokenPayloadErrore) { | ||
| thrownewServletException(newBadRequestException(e.getMessage())); | ||
| }catch (UnauthorisedExceptione) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
catching Unauthorised and returning a different status could get confusing. Create a new exception type for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
sure, okay
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
Summary of change
When creating a session for a userId which is known by ST, check if the user is part of that tenant.
Related issues
Test Plan
(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your
changes work. Bonus points for screenshots and videos!)
Documentation changes
(If relevant, please create a PR in ourdocs repo, or create a checklist here
highlighting the necessary changes)
Checklist for important updates
coreDriverInterfaceSupported.jsonfile has been updated (if needed)pluginInterfaceSupported.jsonfile has been updated (if needed)build.gradlegetPaidFeatureStatsfunction in FeatureFlag.java filebuild.gradle, please make sure to add themin
implementationDependencies.json.getValidFieldsinio/supertokens/config/CoreConfig.javaif new aliases were added for any coreconfig (similar to the
access_token_signing_key_update_intervalconfig alias).git tag) in the formatvX.Y.Z, and then find thelatest branch (
git branch --all) whoseX.Yis greater than the latest released tag.app_id_to_user_idtable, make sure to delete from this table when deletingthe user as well if
deleteUserIdMappingToois false.