open-formulieren / open-forms

Smart and dynamic forms
https://open-forms.readthedocs.io
Other
37 stars 26 forks source link

[2.7.x backport] :bug: [#4528] Disable OIDC SessionRefresh middleware #4760

Closed stevenbal closed 1 month ago

stevenbal commented 1 month ago

previously, if the session in the OIDC provider expired and the sessionrefresh middleware is triggered, the user can not automatically re-authenticate, causing to 403s (and losing changes made in the form designer). In order to avoid session synchronization issues, we remove the SessionRefresh completely, meaning that OIDC is used for logging in, but Open Forms itself is then in charge of managing the session.

Backport-Of: open-formulieren/open-forms#4528

Closes #4528 partially

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 96.52%. Comparing base (99ccd27) to head (0bb3d84). Report is 2 commits behind head on stable/2.7.x.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## stable/2.7.x #4760 +/- ## ============================================= Coverage 96.51% 96.52% ============================================= Files 719 719 Lines 24203 24201 -2 Branches 2886 2885 -1 ============================================= - Hits 23360 23359 -1 Misses 576 576 + Partials 267 266 -1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.