Rotating private/public keys causes login page to Internal Server Error

quarkiverse / quarkus-renarde

Server-side Web Framework with Qute templating, magic/easier controllers, auth, reverse-routing

Apache License 2.0

73 stars 16 forks source link

Rotating private/public keys causes login page to Internal Server Error #222

Closed gbourant closed 1 week ago

gbourant commented 2 weeks ago

If you rotate the private/public keys of a Renarde application then when you visit directly the login page it causes an Internal Server Error by RenardeSecurity#makeRedirectToLogin.

if (request.uri().equals(config.getLoginPage())) {
            // this would cause a redirect loop, not sure how to handle, but not by redirecting
            log.errorf("Redirect loop at %s, giving up on clearing bad JWT cookie", config.getLoginPage());
            return Response.serverError().build();
}

FroMage commented 2 weeks ago

Do you have a way to reproduce this?