Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #38108 - As a user I want to invalidate tokens for self(UI) #10405

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

girijaasoni
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the UI label Dec 17, 2024
@girijaasoni girijaasoni force-pushed the 38108 branch 2 times, most recently from f3234ce to 95f093f Compare December 17, 2024 13:05
Copy link

@Lennonka Lennonka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Microcopy review

<h1>{__('JWT Tokens')}</h1>
<p>
{__(
'By invalidating tokens,you will no longer be able to register hosts by using their JWTs.'

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
'By invalidating tokens,you will no longer be able to register hosts by using their JWTs.'
'By invalidating your JSON Web Tokens (JWTs), you will no longer be able to register hosts by using your existing JWTs.'

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

process_success(
:success_msg => _('Successfully invalidated JWTs for %s.') % @user.login
)
unless editing_self?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change? Why not to have same response as before?

APIActions.patch({
url: `/users/${userId}/invalidate_jwt`,
key: `INVALIDATE-JWT`,
successToast: () =>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the call is not successful?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That will not happen, Like we discussed in the first story PR, there will be no case when invalidation won't work. I can add a safety failed toast, what do you think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if user was logged out meanwhile? The Rails will respond with 501

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are sending :ok status at all times, ref
I think I can add a safety error toast too, what do u think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are sending :ok status at all time

That's not true. You do in>your< controller, but what if there is a problem on the network, DNS, or somewhere else? How do you handle that error?

import { APIActions } from '../../../redux/API';
import { translate as __ } from '../../../common/I18n';

const JwtTokens = ({ userId }) => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the userID is not set?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the user is logged in, we always have the @user object set and we are sending it from here so I don't think that would happen

test "User should be able to invalidate jwt for self" do
User.current = users(:one)
user = User.current
FactoryBot.build(:jwt_secret, token: 'test_jwt_secret', user: user)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
FactoryBot.build(:jwt_secret, token: 'test_jwt_secret', user: user)
FactoryBot.create(:jwt_secret, token: 'test_jwt_secret', user: user)

With build the object is not saved in the database, making the assertion pass even if the action was not performing correctly

@girijaasoni girijaasoni force-pushed the 38108 branch 2 times, most recently from e2e14dc to d19a69c Compare December 24, 2024 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants