fix: Could not verify JWT bug #2384

Merged
merged 2 commits into from
Nov 6, 2023

@DafyddLlyr DafyddLlyr commented Nov 6, 2023

What's the problem?

What's the cause?

  • The middlewares useRoleAuth and useLoginAuth were only getting JWTs from req.cookies
  • However, auth headers were being used by the frontend to pass along the JWT to the API

What's the solution?

  • Update middlewares to get this data from the auth headers

Why wasn't this caught in testing?

  • API docs were reading req.cookies despite the additional Swagger authorisation
  • E2E tests are adding a cookie to all requests using the helper method createAuthenticatedSession()
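
The failure mode described in this pull request, as an added example that is not code from the PR or the project: a cookie-only token lookup next to one that also reads the `Authorization` header, run through the same check. The cookie name `jwt`, the function names, the HS256 shared secret and the hand-written verifier (standing in for whichever JWT library the API uses) are assumptions.

```javascript
// Added example, not the project's code. The cookie name "jwt", the function
// names and the HS256 shared secret are assumptions; sample tokens are constructed.
const nodeCrypto = require("crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const hmac = (data, secret) => nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Mint a constructed HS256 token (used only to build sample requests).
function sign(payload, secret, alg = "HS256") {
  const body = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${hmac(body, secret).toString("base64url")}`;
}

// Returns the claims, or null if the token is missing, malformed, forged or expired.
function verify(token, secret, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(h, "base64url")).alg !== "HS256") return null; // pin the algorithm
    const given = Buffer.from(sig, "base64url");
    const expected = hmac(`${h}.${p}`, secret);
    if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(p, "base64url"));
    return typeof claims.exp === "number" && claims.exp <= now ? null : claims;
  } catch {
    return null;
  }
}

// Before: only the cookie is consulted, so a header-only caller looks anonymous.
const tokenFromCookie = (req) => req.cookies?.jwt ?? null;

// After: prefer the Authorization header, fall back to the cookie.
function tokenFromRequest(req) {
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers?.authorization ?? "");
  return m ? m[1] : tokenFromCookie(req);
}

// Express-style check; returns the status it would send (200 stands for next()).
function loginAuth(getToken, secret) {
  return (req) => {
    const claims = verify(getToken(req), secret);
    if (!claims) return 401;
    req.user = claims;
    return 200;
  };
}
```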

github-actions bot commented Nov 6, 2023

Removed vultr server and associated DNS entries

@DafyddLlyr DafyddLlyr marked this pull request as ready for review November 6, 2023 12:52
@DafyddLlyr DafyddLlyr requested a review from a team November 6, 2023 12:52
@DafyddLlyr DafyddLlyr mentioned this pull request Nov 6, 2023

@jessicamcinchak jessicamcinchak left a comment

Thanks for catching this one, pizza working as expected 👍

@DafyddLlyr DafyddLlyr merged commit eafd15c into main Nov 6, 2023
12 checks passed
@DafyddLlyr DafyddLlyr deleted the dp/verify-jwt-bug branch November 6, 2023 14:26