-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: auth expire self / logout #1279
Conversation
On the I couldn't really make the It is not really an abusable thing given out setup. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. I think this looks great.
My feedback is mostly at our discretion to take it or leave it. So I have approved.
…into auth-expire-self * 'auth-expire-self' of https://github.com/flipt-io/flipt: fix(csrf): dont attempt to create CSRF token when key is not defined (#1280)
Codecov Report
@@ Coverage Diff @@
## main #1279 +/- ##
==========================================
- Coverage 79.82% 79.70% -0.12%
==========================================
Files 42 43 +1
Lines 3217 3267 +50
==========================================
+ Hits 2568 2604 +36
- Misses 521 531 +10
- Partials 128 132 +4
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Fixes: FLI-172
auth.ExpireAuthenticationSelf
that takes optionalexpires_at
param to update the current authentication expiration date, defaults to now if not setflipt_client_token
andflipt_client_state
cookies to support logout functionality in the UII made it a PUT because that seemed the most appropriate, even though it isn't technically idempotent since continuos calling (without the optional
expiresAt
field) will result inexpiresAt
getting set to NOW() each time). Open to suggestion though