Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add endpoint for allowing admins to force rotate a user's token #3272

Merged
merged 2 commits into from
Oct 26, 2022
Merged

Add endpoint for allowing admins to force rotate a user's token #3272

merged 2 commits into from
Oct 26, 2022

Conversation

ShiftedMr
Copy link

@ShiftedMr ShiftedMr commented Oct 10, 2022
edited
Loading

Reason: Better security management as admins can force rotate a token if someone commits their token in plaintext somewhere.
To Test
0. Requires 2 user accounts for testing. 1 admin 1 nonadmin

  1. `curl -X POST -H"Authorization: Bearer " /api/users//token/rotate
  2. Go to 's user page while logged in as them
  3. Verify token rotated
  4. `curl -X POST -H"Authorization: Bearer " /api/users//token/rotate
  5. Receive Error
  6. Go to 's user page while logged in as them
  7. Verify token did not rotate

### From Checklist:

  • Commit is a single logical unit of work, only use multiple commits if doing different tasks
  • Commit does not include commented out code or unneeded files
  • Rebase of main branch

The Content

  • Must include testing for bug or feature
  • Must include appropriate documentation changes if it is introducing a new feature or changing existing functionality
  • Must pass existing test suites

The Commit Message

  • Short meaningful description (ex: remove deprecated steps)
  • Uses the imperative, present tense: "change", not "changed" or "changes"
  • Includes motivation for the change, and contrasts its implementation with the previous behavior

The Pull Request

  • What is the reason for this change
  • Example usage of the failure for a bug, or configuration and expected output for a feature
  • Steps to test the change

@CLAassistant
Copy link

CLAassistant commented Oct 10, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

eoinmcafee00
eoinmcafee00 suggested changes Oct 25, 2022
View reviewed changes
Copy link

@eoinmcafee00 eoinmcafee00 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @ShiftedMr
Why is this tested comment out?

@ShiftedMr
Copy link
Author

Hi @eoinmcafee00,
Thanks I somehow didn't realize I forgot to finish that. I fixed that and added a Usernotfound test.

@eoinmcafee00 eoinmcafee00 merged commit c7587fd into harness:master Oct 26, 2022
bot2-harness pushed a commit that referenced this pull request Jan 15, 2025
@ritek01
fix: [AH-831]: Updated Error Message for Upstream Delete Fail (#3272)
77e8ef4 
* fix: [AH-831]: Updated Manifest_reference Foreign
* fix: [AH-831]: Updated Error Message for Upstream Delete Fail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eoinmcafee00 eoinmcafee00 eoinmcafee00 approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ShiftedMr @CLAassistant @eoinmcafee00 @d1wilko