Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

no longer cache remember me token #3267

Merged
merged 1 commit into from
Sep 13, 2023

Conversation

ike-kottlowski
Copy link
Contributor

Type of change

  • Bug fix
  • New feature development
  • Tech debt (refactoring, code cleanup, dependency upgrades, etc)
  • Build/deploy pipeline (DevOps)
  • Other

Objective

Users are unable to "remember me" when logging in with 2FA. "Remember Me" flow uses the twoFactorToken which was being saved to the cache, this caused the "Remember Me Token" to be saved to the cache and to cause the client to request 2FA even though the token was valid.

Code changes

  • BaseRequestValidator.cs: "Remember Me" token is no longer saved to cache.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@ike-kottlowski ike-kottlowski requested a review from a team as a code owner September 13, 2023 01:57
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pulled this down and tested against web with email 2FA. Remember me worked so LGTM!

@bitwarden-bot
Copy link

Logo
Checkmarx One – Scan Summary & Details1f2b8093-572d-45d3-a0e3-6a63e8c954ec

No New Or Fixed Issues Found

@trmartin4 trmartin4 merged commit d3aceea into master Sep 13, 2023
40 checks passed
@trmartin4 trmartin4 deleted the Unable-to-remember-me-in-2FA-flow branch September 13, 2023 13:08
trmartin4 pushed a commit that referenced this pull request Sep 13, 2023
trmartin4 added a commit that referenced this pull request Sep 15, 2023
trmartin4 added a commit that referenced this pull request Sep 16, 2023
* Revert "no longer cache remember me token (#3267)"

This reverts commit c024b4a.

* Revert "made cache key more unique (#3266)"

This reverts commit d6df78e.

* Revert "PM-2128 Enforce one time use of TOTP (#3152)"

This reverts commit 917c657.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants