Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some more authrequest changes #5188

Merged
merged 2 commits into from
Nov 15, 2024
Merged

Some more authrequest changes #5188

merged 2 commits into from
Nov 15, 2024

Conversation

dani-garcia
Copy link
Owner

@dani-garcia dani-garcia commented Nov 12, 2024

  • Previously we weren't setting the response date anywhere, it doesn't seem used but might as well return it just in case.
  • If an authentication request was approved already, we don't allow to do it again. This is to match with what Bitwarden is doing, though I don't think there's a way to actually do it or exploit it somehow.
  • Added an explicit time limit for the auth requests, previously we relied on our scheduled job to clean them up, and a user could technically disable that.

@dani-garcia dani-garcia requested a review from BlackDex November 12, 2024 19:24
@dani-garcia dani-garcia merged commit 0d16b38 into main Nov 15, 2024
8 checks passed
@dani-garcia dani-garcia deleted the authrequest_changes branch November 15, 2024 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants