openkfw / TruBudget

A blockchain-based workflow tool for efficient and transparent project management
https://openkfw.github.io/trubudget-website/
GNU General Public License v3.0

Enhance JWT checking #1075

Open Stezido opened 2 years ago

Stezido commented 2 years ago

Discussed in https://github.com/openkfw/TruBudget/discussions/1010

Originally posted by **mayrmartin** November 9, 2021

As of now the validity of the JWT is only checked by validating the signature & the expiration time. This brings up different problems in different domains, i.e.

- Assume a user has an existing & valid token & the admin plans to ban/remove a user. The admin performs the ban/deletion & the API blocks further login attempts from the user. But the banned user, who still holds a valid token, will still be able to interact with the system as long as the token does not expire / the user does not sign out.
- Assume a user has an existing & valid token. While the session exists, the blockchain infrastructure gets redeployed/reset. When the logged-in user wants to execute blockchain-related procedures (i.e. approve slave node) the call will fail since the address saved in the JWT diverges from the actual address. This scenario will probably only happen in development but can be rated as a cross-cutting concern and could possibly affect other, slightly altered, scenarios that could occur in a production environment.

Both described scenarios could be solved by altering the validation of the JWT. Improvements could contain:

- Alter the existing JWT check function to not only validate signature & expiration time
- An additional reminder to rotate keys when redeploying parts of the system, forcing users to log in again & therefore get a new JWT.
- Implementation of renew-token: This would allow updating user information stored in the JWT periodically & would avoid forcing the user to re-sign-in once the token expired (probably overkill at this stage)
stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity for 30 days. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 2 years ago

This issue has been automatically closed because of inactivity. You can re-open it if needed.

jzakotnik commented 3 months ago

@SamuelPull I believe this could be closed by the recent implementation of sessions?