
[WIP] Implement single session module

Open mladenilic opened this issue 5 years ago • 6 comments

This PR implements the feature requested by #93.

The module adds a new session_token field to the user model. Upon each successful login, a new token value is generated. The token is then validated with the session token on each request.

One known issue is with the auto_login, similar to issues discussed in (#178). We will need to regenerate session token on auto_login as well. Currently not possible as there are no hooks available.

TO DO

  • [ ] Document new module in readme file
  • [ ] Add config documentation to the initializer
  • [ ] Add wiki guide

mladenilic avatar Dec 22 '19 02:12 mladenilic
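The mechanism described in the PR description above, as an added example that is not part of the PR or of Sorcery's code. It is a plain-Ruby model in which `User`, `login`, `current_user`, `secure_compare` and the hash used as a session are hypothetical names chosen for illustration; only the `session_token` field comes from the thread.

```ruby
require "securerandom"

# Hypothetical stand-in for the user model; session_token is the field the PR adds.
User = Struct.new(:id, :session_token)

# Constant-time comparison, so a mismatch does not reveal how many bytes matched.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Successful login: rotate the stored token and copy it into this client's session.
def login(user, session)
  user.session_token = SecureRandom.hex(32)
  session.merge!(user_id: user.id, session_token: user.session_token)
end

# Per-request check: the session counts only if it carries the user's current token.
def current_user(users, session)
  user = users[session[:user_id]]
  user if user && secure_compare(user.session_token, session[:session_token])
end

# Constructed scenario: one account, two clients logging in one after the other.
def demo
  alice = User.new(1, nil)
  users = { alice.id => alice }
  # A session with a user id but no token must fail, even while the stored token is nil.
  never_logged_in = current_user(users, { user_id: 1 })
  laptop = login(alice, {})
  laptop_before = current_user(users, laptop)
  phone = login(alice, {}) # second login rotates the stored token
  {
    never_logged_in: !never_logged_in.nil?,
    laptop_before: !laptop_before.nil?,
    laptop_after: !current_user(users, laptop).nil?,
    phone: !current_user(users, phone).nil?
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Any login path that sets the user id without also rotating and copying the token leaves the session failing this check, which is why the description singles out auto_login.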

Thanks @mladenilic! I'll take a look at this as soon as possible.

joshbuker avatar Dec 23 '19 04:12 joshbuker

If anyone in the community would really like to see this feature added to the next release, it would be very helpful to get some testing of this feature! Unfortunately I'm already neck-deep in work and personal projects, and don't really have the time to spare to do a thorough look at this PR.

joshbuker avatar May 05 '20 20:05 joshbuker

@amialive So to get started with this one, you'll want to get a workspace ready first:

  • Fork the Sorcery repo
  • Clone your fork to your local machine
  • Add Sorcery/sorcery as a remote on your repo (git remote add upstream git@github.com:sorcery/sorcery.git)
  • Check out the PR - see the script below for an example of how to do this.

# ~/.bash_aliases

# Fetch a GitHub pull request into a new local branch and check it out.
git_pr() {
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then
    echo "Missing required arguments:"
    echo "1 - origin/upstream (remote where PR exists, not the fork)"
    echo "2 - pull request ID (e.g. '42' without quotation)"
    echo "3 - local branch to fetch onto (must not already exist)"
    return 1
  else
    # Quote the arguments so they are not word-split or glob-expanded.
    if git fetch "$1" "pull/$2/head:$3" ; then
      git checkout "$3"
    else
      echo "Failed to fetch pull request $2"
      return 1
    fi
  fi
}

From there you should be able to start poking around the code.

joshbuker avatar May 08 '20 22:05 joshbuker

@amialive if you get stuck or confused, please reach out and I will do what I can to help out.

joshbuker avatar May 11 '20 18:05 joshbuker

I ended up going with a slightly different methodology for enforcing single sign on in v1, which also better supports JWT revocation.

joshbuker avatar Jun 05 '21 00:06 joshbuker

> I ended up going with a slightly different methodology for enforcing single sign on in v1, which also better supports JWT revocation.

When is V1 planned to be released? Thanks

simonyang998 avatar Mar 18 '22 02:03 simonyang998