Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMA-80: allow logging in and signing up with expired jwt token #71

Merged
merged 15 commits into from
Apr 15, 2024
Merged

SMA-80: allow logging in and signing up with expired jwt token #71

merged 15 commits into from
Apr 15, 2024

Conversation

ivamach
Copy link
Collaborator

@ivamach ivamach commented Apr 12, 2024

In the Navbar changed the code to delete token from local storage if the HTML error code is 401 or 403
In PrivateRoute used the same code, instead of checking if there is a token in the local storage.

@ivamach ivamach changed the title SMA-80: allow logging in and signing up with expired jwt token WIP: SMA-80: allow logging in and signing up with expired jwt token Apr 13, 2024
@ivamach ivamach changed the title WIP: SMA-80: allow logging in and signing up with expired jwt token SMA-80: allow logging in and signing up with expired jwt token Apr 14, 2024
MatejFrnka
MatejFrnka requested changes Apr 14, 2024
View reviewed changes
Copy link
Owner

@MatejFrnka MatejFrnka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would still like it to be a little differently, sorry. (At least if it does what i think it does)

backend/sportsmatch/src/main/java/com/sportsmatch/auth/JwtAuthFilter.java Outdated
try {
userEmail = jwtService.extractUserName(jwt);
} catch (Exception e) {
response.setStatus(HttpStatus.UNAUTHORIZED.value());
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this let you see public endpoints when you have invalid token?

I think it may be better to simply not add anything to the user context (instead of returning 401) and thus still allowing access to public endpoints.

MatejFrnka
MatejFrnka approved these changes Apr 15, 2024
View reviewed changes
Copy link
Owner

@MatejFrnka MatejFrnka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job

@MatejFrnka MatejFrnka merged commit 0fc029e into develop Apr 15, 2024
6 checks passed
@MatejFrnka MatejFrnka deleted the SMA-80-Allow-logging-in-and-signing-up-with-expired-jwt-token branch April 15, 2024 19:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markpernia markpernia markpernia approved these changes

@Johna91 Johna91 Johna91 approved these changes

@MatejFrnka MatejFrnka MatejFrnka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ivamach @MatejFrnka @Johna91 @markpernia