Make sure blocked users tokens aren't valid anymore #30

New Issue

Jef Roosens · 2021-08-30T09:26:46+02:00

Jef Roosens commented

2021-08-30 09:26:46 +02:00

Right now, we just read the JWT & check if it's been expired, but this doesn't account for users that have been blocked but still have some time left on their token.

Maybe we can keep a store in memory that handles these edge cases? A database operation would be too expensive imo every time we check a JWT.

Right now, we just read the JWT & check if it's been expired, but this doesn't account for users that have been blocked but still have some time left on their token. Maybe we can keep a store in memory that handles these edge cases? A database operation would be too expensive imo every time we check a JWT.

Jef Roosens added this to the (deleted) milestone 2021-08-30 09:26:46 +02:00

Jef Roosens added the

bug

Backend

labels 2021-08-30 09:26:46 +02:00

Jef Roosens referenced this issue

2021-08-30 09:33:12 +02:00

Don't allow deleted users to use valid JWT #31

Jef Roosens removed this from the (deleted) milestone 2021-09-04 19:03:07 +02:00

Jef Roosens added the

Security

label 2021-09-13 16:27:59 +02:00