Open orubel opened 11 months ago
Ok so added this in but now have to do checks on this information
Also need to add a server side 'secret' generator and add hashed variable as part of userDetails after authentication.
Moving os/browser set/get functionality to JwtTokenUtil
done and tested. closing
Need to store this data on 'registration' so that I can compare with past login attempts.
If details don't match past logins, send email and request validation of new details.
Need to check request details to make sure token hijacking isn't occurring (yes, this CAN be spoofed but this provides an additional layer that they have to spoof as well when doing a MITM; this allows us to log out user and pre-emptively warn at the very least)
String ip = request.getRemoteAddr();
String userAgent = request.getHeader("User-Agent");
NOTE: will have to have associated table ('a given User has one/many RequestDetail and RequestDetail has one User')
Found this on Stack Overflow. This is sloppy and should be converted to compiled regex...
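One way to implement the server-side secret and hashed request-detail check discussed in this issue, as an added example that is not part of the original thread or the project's code. The class `RequestFingerprint`, its method names, and the choice of HMAC-SHA256 over the raw IP and User-Agent are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper, not the project's code: binds a token to the request
// details seen at login so a replay from a different client is detectable.
public class RequestFingerprint {
    private final byte[] secret;

    public RequestFingerprint(byte[] secret) { this.secret = secret.clone(); }

    // Server-side secret: 32 bytes from a CSPRNG, never sent to the client.
    public static byte[] generateSecret() {
        byte[] s = new byte[32];
        new SecureRandom().nextBytes(s);
        return s;
    }

    // HMAC-SHA256 over length-prefixed fields; the result is stored as a token claim.
    public String compute(String ip, String userAgent) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        for (String field : new String[] {ip, userAgent}) {
            byte[] b = (field == null ? "" : field).getBytes(StandardCharsets.UTF_8);
            mac.update(ByteBuffer.allocate(4).putInt(b.length).array());
            mac.update(b);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    // Constant-time comparison of the stored claim against the current request.
    public boolean matches(String claim, String ip, String userAgent) throws GeneralSecurityException {
        if (claim == null) return false;
        return MessageDigest.isEqual(claim.getBytes(StandardCharsets.US_ASCII),
                compute(ip, userAgent).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        RequestFingerprint fp = new RequestFingerprint(generateSecret());
        // Constructed sample values (documentation IP ranges, made-up user agents).
        String ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0";
        String claim = fp.compute("203.0.113.10", ua);
        System.out.println(fp.matches(claim, "203.0.113.10", ua));           // same client
        System.out.println(fp.matches(claim, "198.51.100.7", "curl/8.0.1")); // different client
    }
}
```

A failed `matches` call is the point at which the flow described above would log the user out and request validation of the new details by email.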