Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/refresh token #9135

Merged
merged 4 commits into from
Dec 18, 2024
Merged

Fix/refresh token #9135

merged 4 commits into from
Dec 18, 2024

Conversation

AMoreaux
Copy link
Contributor

No description provided.

@AMoreaux
feat(auth): add workspaceId validation and token expiration
f8dac40 
Added validation to ensure refresh tokens include a workspaceId, throwing an exception for malformed tokens. Included workspaceId in payloads and introduced expiration handling for access tokens. This enhances token security and prevents potential misuse.
@AMoreaux
refactor(auth): annotate deprecation for token workspace check
d5db062 
Added a TODO comment to mark the workspaceId validation for removal after March 31st. This prepares for planned cleanup and ensures clear communication of future changes.
@AMoreaux
fix test
45d8a50
@AMoreaux
Merge remote-tracking branch 'origin/main' into fix/refresh-token
f8a8524
@AMoreaux AMoreaux self-assigned this Dec 18, 2024
greptile-apps[bot]
greptile-apps bot reviewed Dec 18, 2024
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

Updated refresh token service tests to include workspaceId parameter in JWT payload verification and generation, aligning with the service implementation requirements.

  • Modified test in packages/twenty-server/src/engine/core-modules/auth/token/services/refresh-token.service.spec.ts to include workspaceId in mock JWT payload verification
  • Added workspaceId parameter validation in verifyRefreshToken test cases
  • Updated generateRefreshToken test to verify workspaceId is properly included in token signing
  • Enhanced error test cases to cover missing workspaceId scenarios

1 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings | Greptile

@FelixMalfait FelixMalfait merged commit 7375ab8 into main Dec 18, 2024
20 checks passed
@FelixMalfait FelixMalfait deleted the fix/refresh-token branch December 18, 2024 18:10
@github-actions GitHub Actions
Copy link

Thanks @AMoreaux for your contribution!
This marks your 33rd PR on the repo. You're top 2% of all our contributors 🎉
See contributor page - Share on LinkedIn - Share on Twitter

Contributions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@FelixMalfait FelixMalfait Awaiting requested review from FelixMalfait

Assignees

@AMoreaux AMoreaux

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AMoreaux @FelixMalfait