coralproject / talk

A better commenting experience from Vox Media
https://coralproject.net

Alert admins if their session has expired so they don't lose their work #1040

Closed kgardnr closed 6 years ago

kgardnr commented 6 years ago

Story: As a moderator, I want to know when my admin session has expired so I don't try and take actions that won't save

Goyapa commented 6 years ago

@kgardnr I'd like to tackle this issue.

kgardnr commented 6 years ago

Great @Goyapa, we'd love to have your help with this!

Goyapa commented 6 years ago

Hello @kgardnr, what I have found:

Client: Toast and default pym used. Server: Passport and JSON Web Token (JWT).

On the client I found info(msg)? /talk/client/coral-admin/src/services/notification.js

export function createNotificationService(toast) {
  return {
    success(msg) {
      toast(msg, {type: 'success'});
    },
    error(msg) {
      toast(msg, {type: 'error'});
    },
    info(msg) {
      toast(msg, {type: 'info'});
    },
  };
}

Actually I see only fragments and do not see the whole picture, could I get some more info please.

kgardnr commented 6 years ago

Ok great - so I think what you wanna do is detect if a session has expired for the current user, right? And then use the notification service to deliver an error message.

Goyapa commented 6 years ago

What I found is that sessions expire after 24 hours. For the current user I'm not sure where to look. Can you point me in the right direction? Actually I tried at talk/client/coral-admin/src/actions/auth.js but then I have to import

import {toast} from 'react-toastify';
import {createNotificationService} from '../services/notification.js';

do not think that is the right way?

Goyapa commented 6 years ago

@cvle with the JWT debugger I am able to change "exp" and see the following errors in the console. So, setting a reproducible "exp" time works as expected.

screenshot from 2017-10-20 15-02-13

I hoped to get an error pointing me to the user's "exp" settings. Is this implemented yet? But the last times I asked, it actually was... I got stuck and need some more information.

wyattjoh commented 6 years ago

The exp claim is the definition of when the user would be logged out with that token. My suggestion, set a timeout for when that expiry time is reached to display some sort of UI reflecting the fact that their user session has expired, and prompt them to login again.
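The timeout approach suggested above, as an added example that is not part of the original thread or the Talk code base: it reads the `exp` claim from the token, arms a timer for that moment, and reports through an object shaped like the one `createNotificationService(toast)` returns. The names `readExpiryMs`, `watchSessionExpiry` and the injectable `opts` are hypothetical; the token is decoded for display only and is not verified, since the server remains the authority on whether it is accepted.

```javascript
// Added example; not code from the Talk repository. All names are hypothetical.
const MAX_TIMER_MS = 2 ** 31 - 1; // setTimeout delays above this overflow and fire at once

// Read the "exp" claim (seconds since epoch) from a JWT without verifying it.
// Display-only: the server still decides whether the token is accepted.
function readExpiryMs(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const claims = JSON.parse(atob(padded));
    return Number.isFinite(claims.exp) ? claims.exp * 1000 : null;
  } catch (err) {
    return null; // malformed base64 or JSON
  }
}

// Calls notify.error(msg) once when the token expires.
// Returns a cancel function to call on logout or token refresh.
function watchSessionExpiry(token, notify, opts = {}) {
  const { now = Date.now, setTimer = setTimeout, clearTimer = clearTimeout } = opts;
  const msg = 'Your session has expired. Please sign in again.';
  const expiresAt = readExpiryMs(token);
  if (expiresAt === null) return () => {}; // no usable exp claim: nothing to schedule
  let handle = null;
  let cancelled = false;
  const tick = () => {
    if (cancelled) return;
    const remaining = expiresAt - now();
    if (remaining <= 0) {
      notify.error(msg); // already expired, or the timer just reached exp
      return;
    }
    // Re-arm in chunks so far-future expiries stay under the timer limit.
    handle = setTimer(tick, Math.min(remaining, MAX_TIMER_MS));
  };
  tick();
  return () => { cancelled = true; if (handle !== null) clearTimer(handle); };
}

// Constructed sample token: header {}, payload {"exp":1} (long expired), dummy signature.
watchSessionExpiry('e30.eyJleHAiOjF9.sig', { error: (m) => console.log(m) });
```

Because the timer re-reads the clock on every tick, a laptop that slept past the expiry time reports the expired session on the first tick after it wakes.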

Goyapa commented 6 years ago

Ok, thank you @wyattjoh for your suggestion, I'm onto it again!

kgardnr commented 6 years ago

Hey @Goyapa if you still want to work on this, just make sure you follow the upgrade instructions for v4.0.0: https://coralproject.github.io/talk/migration/4/

wyattjoh commented 6 years ago

Fixed in v5.