Users must be authenticated to use auth:logout #1279
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
scottinet
changed the title
benoitvidis
approved these changes
Mar 28, 2019
alexandrebouthinon
approved these changes
Mar 29, 2019
Codecov Report
@@ Coverage Diff @@
## 1-dev #1279 +/- ##
==========================================
+ Coverage 93.85% 93.85% +<.01%
==========================================
Files 98 98
Lines 6783 6784 +1
==========================================
+ Hits 6366 6367 +1
Misses 417 417
Continue to review full report at Codecov.
|
Yoann-Abbes
approved these changes
Apr 3, 2019
Merged
Aschen
pushed a commit
that referenced
this pull request
Apr 29, 2019
# [1.7.3](https://github.com/kuzzleio/kuzzle/releases/tag/1.7.3) (2019-04-29) #### Bug fixes - [ [#1288](#1288) ] [bulk] fix an error when trying a non-partial bulk update ([scottinet](https://github.com/scottinet)) - [ [#1286](#1286) ] [bugfix] allows bulk inserts on aliases ([benoitvidis](https://github.com/benoitvidis)) - [ [#1282](#1282) ] [bugfix] scan keys on redis cluster ([benoitvidis](https://github.com/benoitvidis)) - [ [#1279](#1279) ] Users must be authenticated to use auth:logout ([scottinet](https://github.com/scottinet)) #### Enhancements - [ [#1292](#1292) ] KZL 1032 - Throw an error when the realtime controller is invoked by plugin developers ([benoitvidis](https://github.com/benoitvidis)) - [ [#1257](#1257) ] Add ability to define mapping policy for new fields ([Aschen](https://github.com/Aschen)) - [ [#1291](#1291) ] [Kuzzle CLI] Fix --help on subcommands ([Yoann-Abbes](https://github.com/Yoann-Abbes)) - [ [#1289](#1289) ] [WebSocket] Handle ping/pong packets ([scottinet](https://github.com/scottinet)) - [ [#1273](#1273) ] Fix incomplete access logs ([scottinet](https://github.com/scottinet)) ---
Merged
Aschen
added a commit
that referenced
this pull request
Jun 14, 2019
Release 1.8.0
Bug fixes
[ #1311 ] Fix promise leaks (scottinet)
[ #1298 ] Fix disabled protocol initialization (Aschen)
[ #1297 ] Fix timeouts on plugin action returing the request (benoitvidis)
[ #1288 ] Fix an error when trying a non-partial bulk update (scottinet)
[ #1286 ] Allows bulk inserts on aliases (benoitvidis)
[ #1282 ] Scan keys on redis cluster (benoitvidis)
[ #1279 ] Users must be authenticated to use auth:logout (scottinet)
New features
[ #1315 ] Add the new Vault module to handle encrypted application secrets (Aschen)
[ #1302 ] Add write and mWrite (Aschen)
[ #1305 ] Add pipes & hooks wildcard event (thomasarbona)
Enhancements
[ #1318 ] Add a maximum ttl to auth:login (benoitvidis)
[ #1301 ] Upgrade the WebSocket libraries (scottinet)
[ #1308 ] Events triggering refactor (scottinet)
[ #1300 ] Collection specifications methods cloisoned to a collection (thomasarbona)
[ #1295 ] Improve validation error messages (benoitvidis)
[ #1292 ] Throw an error when the realtime controller is invoked by plugin developers (benoitvidis)
[ #1257 ] Add ability to define mapping policy for new fields (Aschen)
[ #1291 ] Fix --help on subcommands (Yoann-Abbes)
[ #1289 ] Handle ping/pong packets (scottinet)
[ #1273 ] Fix incomplete access logs (scottinet)
Others
[ #1317 ] Add ps dependency to plugin-dev Docker image for pm2 (benoitvidis)
[ #1312 ] Check that .kuzzlerc.sample is well-formed (scottinet)
[ #1299 ] Add Kuzzle Nightly & Redis 3 and 4 test (alexandrebouthinon)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When invoking
auth:logoutwithout being authenticated, kuzzle tries to clean the token from redis (which obviously does not exist) and the API route responds with a success status.It doesn't seem sane to me to access redis while we now full well that there is no token to clean. So, we have 2 possibilites to prevent that:
I believe that an explicit behavior is always better, so I opted for the second solution