Open quexten opened 5 days ago
Attention: Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
Project coverage is 29.30%. Comparing base (591f444) to head (592bd35). Report is 1 commit behind head on main.
Checkmarx One - Scan Summary & Details - 5acb029f-8943-4f7a-b480-dae5db06b8fe
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Angular_Improper_Type_Pipe_Usage | /bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.html: 50 | Attack Vector |
I'll note the appcomponent broadcaster logic seems to be deprecated, but refactoring the process reload / lock events seems like a different task, so I made the (limited) changes here. We should revisit this logic at some point though.
I think there is this ticket https://bitwarden.atlassian.net/browse/PM-8544 to investigate the browser's logic related to logout, and this comment:
In a brief test, a timeout setting on a non-active account (the only way on browser to get a lock/logout on an inactive account that I know of), did seem to trigger a process reload / the popup to get closed.
Tracking
https://bitwarden.atlassian.net/browse/PM-6037
Objective
When logging out inactive accounts, no process reload is triggered, keeping auth tokens in renderer process memory. This is because the authservice specifically filtered for the active userId. This PR removes that check, ensuring process reloads for inactive accounts.
It seems that the loggedOut message was only called for the active user Id because it also changes the notification service connection status. Because of this, we now pass the userId-to-be-logged-out in the message, and compare this against the active userId in the message handler.
Reminders before review
Reviewer guidelines
- :+1: or similar for great changes
- :memo: or :information_source: for notes or general info
- :question: for questions
- :thinking: or :thought_balloon: for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
- :art: for suggestions / improvements
- :x: or :warning: for more significant problems or concerns needing attention
- :seedling: or :recycle: for future improvements or indications of technical debt
- :pick: for minor or nitpick changes
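
The behaviour described under Objective, as an added sketch that is not code from this PR or from Bitwarden. Every name, the `disk`/`memory` split, the assumption that logout itself clears persisted tokens, and the sample accounts are constructed for illustration.

```typescript
// Added illustration; every name here is hypothetical, not Bitwarden's API.
type UserId = string;

interface Renderer {
  activeUserId: UserId;
  disk: Map<UserId, string>;   // persisted tokens (assumed cleared by logout itself)
  memory: Map<UserId, string>; // tokens cached in renderer process memory
  notificationsConnected: boolean;
  reloads: number;
}

function newRenderer(activeUserId: UserId, tokens: [UserId, string][]): Renderer {
  return { activeUserId, disk: new Map(tokens), memory: new Map(tokens),
           notificationsConnected: true, reloads: 0 };
}

// A process reload discards renderer memory and rebuilds it from persisted state.
function reloadProcess(r: Renderer): void {
  r.memory = new Map(r.disk);
  r.reloads += 1;
}

// Handler for the "loggedOut" message, which carries the userId being logged out.
function onLoggedOut(r: Renderer, userId: UserId): void {
  // Only the active user's logout changes the notification connection status.
  if (userId === r.activeUserId) r.notificationsConnected = false;
  reloadProcess(r); // reload no matter which account was logged out
}

// Before: the message was only sent when the active user was logged out.
function logoutBefore(r: Renderer, userId: UserId): void {
  r.disk.delete(userId);
  if (userId === r.activeUserId) onLoggedOut(r, userId);
}

// After: the message is always sent, and the handler does the comparison.
function logoutAfter(r: Renderer, userId: UserId): void {
  r.disk.delete(userId);
  onLoggedOut(r, userId);
}

// Constructed sample: "alice" is the active account, "bob" is inactive.
function demo(logout: (r: Renderer, u: UserId) => void): Renderer {
  const r = newRenderer("alice", [["alice", "tok-a"], ["bob", "tok-b"]]);
  logout(r, "bob");
  return r;
}
```

With `logoutBefore`, the inactive account's token is still present in `memory` after logout; with `logoutAfter`, the reload removes it while the active account's notification connection is left alone.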