Skip to content

no longer cache remember me token#3267

Merged
trmartin4 merged 1 commit intomasterfrom
Unable-to-remember-me-in-2FA-flow
Sep 13, 2023
Merged

no longer cache remember me token#3267
trmartin4 merged 1 commit intomasterfrom
Unable-to-remember-me-in-2FA-flow

Conversation

@ike-kottlowski
Copy link
Copy Markdown
Contributor

@ike-kottlowski ike-kottlowski commented Sep 13, 2023

Type of change

  • Bug fix
  • New feature development
  • Tech debt (refactoring, code cleanup, dependency upgrades, etc)
  • Build/deploy pipeline (DevOps)
  • Other

Objective

Users are unable to "remember me" when logging in with 2FA. "Remember Me" flow uses the twoFactorToken which was being saved to the cache, this caused the "Remember Me Token" to be saved to the cache and to cause the client to request 2FA even though the token was valid.

Code changes

  • BaseRequestValidator.cs: "Remember Me" token is no longer saved to cache.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@ike-kottlowski ike-kottlowski requested a review from a team as a code owner September 13, 2023 01:57
JaredSnider-Bitwarden
JaredSnider-Bitwarden approved these changes Sep 13, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pulled this down and tested against web with email 2FA. Remember me worked so LGTM!

@bitwarden-bot
Copy link
Copy Markdown

bitwarden-bot commented Sep 13, 2023

Logo
Checkmarx One – Scan Summary & Details1f2b8093-572d-45d3-a0e3-6a63e8c954ec

No New Or Fixed Issues Found

@trmartin4 trmartin4 merged commit d3aceea into master Sep 13, 2023
@trmartin4 trmartin4 deleted the Unable-to-remember-me-in-2FA-flow branch September 13, 2023 13:08
trmartin4 pushed a commit that referenced this pull request Sep 13, 2023
@ike-kottlowski @trmartin4
no longer cache remember me token (#3267)
c024b4a 
(cherry picked from commit d3aceea)
trmartin4 added a commit that referenced this pull request Sep 15, 2023
@trmartin4
Revert "no longer cache remember me token (#3267)"
c857e22 
This reverts commit c024b4a.
trmartin4 added a commit that referenced this pull request Sep 16, 2023
@trmartin4
Reverting TOTP changes from rc branch (#3276)
6b0d031 
* Revert "no longer cache remember me token (#3267)"

This reverts commit c024b4a.

* Revert "made cache key more unique (#3266)"

This reverts commit d6df78e.

* Revert "PM-2128 Enforce one time use of TOTP (#3152)"

This reverts commit 917c657.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ike-kottlowski @bitwarden-bot @JaredSnider-Bitwarden @trmartin4