[BUG] User data confidentiality compromised! #46

Adeleye080 · 2024-12-31T08:34:45Z

Describe the problem

I could access a new access token using just a simple uuid string given as a refresh-token upon login. This is a dangerous bug that needs quick fix.

Concerned endpoints

/user/refresh_token
/user/login

Steps to reproduce the problem

POST request to the first concerned endpoint

Screenshot (If applicable)

Expected behavior

Refresh token should be a JWT string that is encoded by server and decoded with server secret upon POST request to the first concerned endpoint. This is crucial to maintain security, so that accounts won't be compromised.

Solution

Return refresh token (JWT) upon login alongside access token(JWT) and decode refresh token upon access to the first concerned endpoint

The text was updated successfully, but these errors were encountered:

rohteemie · 2024-12-31T21:22:08Z

Kindly provide a more descriptive analysis of the problem in detail, please.

Adeleye080 added bug Something isn't working correction Request corrections labels Dec 31, 2024

Adeleye080 assigned rohteemie Dec 31, 2024

Adeleye080 changed the title ~~[BUG] Acess to user data compromised!~~ [BUG] User data confidentiality compromised! Jan 2, 2025

Adeleye080 moved this to Todo in iGotha project Jan 6, 2025

Adeleye080 added this to iGotha project Jan 6, 2025

rohteemie moved this from Todo to In Progress in iGotha project Feb 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] User data confidentiality compromised! #46

[BUG] User data confidentiality compromised! #46

Adeleye080 commented Dec 31, 2024

rohteemie commented Dec 31, 2024

[BUG] User data confidentiality compromised! #46

[BUG] User data confidentiality compromised! #46

Comments

Adeleye080 commented Dec 31, 2024

Describe the problem

Concerned endpoints

Steps to reproduce the problem

Screenshot (If applicable)

Expected behavior

Solution

rohteemie commented Dec 31, 2024