halo icon indicating copy to clipboard operation
halo copied to clipboard
verified publisher icon halo-dev

feat: add remember-me mechanism to enhance user login experience

Open guqing opened this issue 1 year ago • 4 comments

What type of PR is this?

/kind feature /area core /milestone 2.16.x

What this PR does / why we need it:

为登录增加记住我机制以优化登陆体验

how to test it?

  1. 勾选记住密码选项后登录
  2. 退出浏览器后打开 console 期望依然可以访问而不需要登录
  3. 测试修改密码功能,期望修改密码后所有会话需要重新登录包括当前设备和其他设备

Which issue(s) this PR fixes:

Fixes #2362

Does this PR introduce a user-facing change?

为登录增加记住我机制以优化登录体验

guqing avatar May 16 '24 06:05 guqing

@ruibaby 帮忙适配一下 Console 登陆页面,添加记住我选项,此时需要为登陆 API 传递查询参数 remember-me=true

guqing avatar May 16 '24 06:05 guqing

Codecov Report

Attention: Patch coverage is 27.16535% with 185 lines in your changes are missing coverage. Please review.

Project coverage is 56.46%. Comparing base (5fdf6c0) to head (d4573bb). Report is 199 commits behind head on main.

:exclamation: Current head d4573bb differs from pull request most recent head 66c03ee

Please upload reports for the commit 66c03ee to get more accurate results.

Files Patch % Lines
...ation/rememberme/TokenBasedRememberMeServices.java 23.71% 117 Missing and 2 partials :warning:
.../authentication/login/UsernamePasswordHandler.java 8.33% 22 Missing :warning:
...on/rememberme/RememberMeAuthenticationManager.java 12.50% 14 Missing :warning:
...ation/rememberme/RememberMeCookieResolverImpl.java 26.31% 14 Missing :warning:
...un/halo/app/security/LogoutSecurityConfigurer.java 10.00% 9 Missing :warning:
...ion/rememberme/RememberMeAuthenticationFilter.java 72.72% 3 Missing :warning:
.../rememberme/DefaultCookieSignatureKeyResolver.java 33.33% 2 Missing :warning:
.../halo/app/infra/properties/SecurityProperties.java 66.66% 0 Missing and 1 partial :warning:
...urity/authentication/login/impl/RsaKeyService.java 0.00% 1 Missing :warning:
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #5929      +/-   ##
============================================
- Coverage     56.91%   56.46%   -0.45%     
- Complexity     3319     3512     +193     
============================================
  Files           587      617      +30     
  Lines         18968    20745    +1777     
  Branches       1401     1440      +39     
============================================
+ Hits          10795    11713     +918     
- Misses         7594     8449     +855     
- Partials        579      583       +4

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar May 16 '24 06:05 codecov[bot]

/ping @JohnNiang

guqing avatar May 21 '24 09:05 guqing

/hold 经过探讨发现通过 session 的 cookie 来实现 remember me 很容易被覆盖比如 totp,因此此 PR 将实现 Token Based 的方式来使用一个新的 cookie 值避免被影响

guqing avatar May 22 '24 04:05 guqing

/unhold

guqing avatar May 23 '24 04:05 guqing

另外,建议本地 squash 一下 commits。

Done

guqing avatar May 23 '24 08:05 guqing

Quality Gate Passed Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.2% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar May 24 '24 04:05 sonarqubecloud[bot]

Codecov Report

Attention: Patch coverage is 27.38095% with 183 lines in your changes are missing coverage. Please review.

Project coverage is 56.38%. Comparing base (5fdf6c0) to head (66c03ee). Report is 201 commits behind head on main.

Files Patch % Lines
...ation/rememberme/TokenBasedRememberMeServices.java 23.71% 117 Missing and 2 partials :warning:
.../authentication/login/UsernamePasswordHandler.java 8.33% 22 Missing :warning:
...on/rememberme/RememberMeAuthenticationManager.java 12.50% 14 Missing :warning:
...ation/rememberme/RememberMeCookieResolverImpl.java 26.31% 14 Missing :warning:
...un/halo/app/security/LogoutSecurityConfigurer.java 10.00% 9 Missing :warning:
...ion/rememberme/RememberMeAuthenticationFilter.java 72.72% 3 Missing :warning:
.../halo/app/infra/properties/SecurityProperties.java 66.66% 0 Missing and 1 partial :warning:
.../rememberme/DefaultCookieSignatureKeyResolver.java 50.00% 1 Missing :warning:
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #5929      +/-   ##
============================================
- Coverage     56.91%   56.38%   -0.53%     
- Complexity     3319     3501     +182     
============================================
  Files           587      615      +28     
  Lines         18968    20698    +1730     
  Branches       1401     1439      +38     
============================================
+ Hits          10795    11671     +876     
- Misses         7594     8446     +852     
- Partials        579      581       +2

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar May 24 '24 05:05 codecov-commenter

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

f2c-ci-robot[bot] avatar May 24 '24 06:05 f2c-ci-robot[bot]