Skip to content

Fix users create session secret #9019

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 23, 2024
Merged

Fix users create session secret #9019

merged 1 commit into from
Nov 23, 2024

Conversation

stnguyen90
Copy link
Contributor

What does this PR do?

  1. Include at least 1 factor because the minumum number of factors
    required when mfa is disabled is 1.
  2. Purge the cached user document to ensure the new session is included
    in subsequent requests for the user.
  3. Fix the encoding of the secret to match other parts of the codebase.

Fixes #8569

Test Plan

Updated test case

Related PRs and Issues

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@stnguyen90
fix: update secret returned from users.createSession()
014c613 
1. Include at least 1 factor because the minumum number of factors
   required when mfa is disabled is 1.
2. Purge the cached user document to ensure the new session is included
   in subsequent requests for the user.
3. Fix the encoding of the secret to match other parts of the codebase.
@stnguyen90 stnguyen90 linked an issue Nov 22, 2024 that may be closed by this pull request
🐛 Bug Report: "Users.createSession()" returns invalid session secret #8569
Closed
2 tasks
@github-actions GitHub Actions
Copy link

✨ Benchmark results

  • Requests per second: 1,169
  • Requests with 200 status code: 210,434
  • P99 latency: 0.181655777

⚡ Benchmark Comparison

Metric This PR Latest version
RPS 1,169 2,071
200 210,434 372,786
P99 0.181655777 0.076079475

loks0n
loks0n reviewed Nov 22, 2024
View reviewed changes
app/controllers/api/users.php
$session
->setAttribute('secret', $secret)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have to document this right, it's sort of breaking? Some people could be relying on it

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think anyone is using it because it doesn't work.

@stnguyen90 stnguyen90 merged commit 8da2b24 into 1.6.x Nov 23, 2024
62 of 63 checks passed
@stnguyen90 stnguyen90 deleted the fix-8569-users-create-session-secret branch November 23, 2024 05:55
@pingu2k4 pingu2k4 mentioned this pull request Nov 23, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@loks0n loks0n loks0n approved these changes

@christyjacob4 christyjacob4 Awaiting requested review from christyjacob4

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: "Users.createSession()" returns invalid session secret
2 participants
@stnguyen90 @loks0n
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy