Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refresh failed pass #286

Merged
merged 3 commits into from
Oct 2, 2019
Merged

Conversation

cretzel
Copy link

@cretzel cretzel commented Oct 1, 2019

Problem: When unauth_action is "pass" and refresh of token fails, e.g. because refresh token has expired, then the session attribute "authenticated" is still true. In this case the request will be passed, although the user is not authenticated.

Setting session.data.authenticated to false and returning an error will allow a client to detect, if the refresh was successful.

@bodewig bodewig merged commit 95b5259 into zmartzone:master Oct 2, 2019
bodewig added a commit that referenced this pull request Oct 2, 2019
@bodewig
Copy link
Collaborator

bodewig commented Oct 2, 2019

Thank you @cretzel !

@cretzel
Copy link
Author

cretzel commented Oct 2, 2019

Just my two cents. Thank you for maintaining this project.

@cretzel cretzel deleted the refresh_failed_pass branch October 2, 2019 06:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants