vikunja
/
vikunja
6
43
Fork 70
Code Issues 150 Pull Requests 12 Packages Releases 32 Activity

Invalid JWT should redirect frontend to login page #1927

New Issue
Closed
opened 2022-07-07 10:15:22 +00:00 by distrobyte · 1 comment
distrobyte commented 2022-07-07 10:15:22 +00:00
Copy Link

When the Vikunja container is recreated, all the tokens become expired. A user trying to log in after this happens is not directed to the login page, instead a small error is displayed in the bottom corner which says that the JWT is expired.

A potential solution to this would be to redirect to the login page on expired JWT, unsure how feasible this will be as the login page and the "home" page are at the same URL.

When the Vikunja container is recreated, all the tokens become expired. A user trying to log in after this happens is not directed to the login page, instead a small error is displayed in the bottom corner which says that the JWT is expired. A potential solution to this would be to redirect to the login page on expired JWT, unsure how feasible this will be as the login page and the "home" page are at the same URL.
konrad added the
kind/feature
 label 2022-07-07 13:06:06 +00:00
konrad commented 2022-07-07 13:08:26 +00:00
Owner
Copy Link

You'll want to set a jwt secret to avoid all sessions getting invalidated when you restart the container.

In the next release (already in unstable) the behaviour was changed to do exactly what you're describing: When the user visits the page with an expired token the login page is displayed instead of an error.

You'll want to set a [jwt secret](https://vikunja.io/docs/config-options/#jwtsecret) to avoid all sessions getting invalidated when you restart the container. In the next release (already in unstable) the behaviour was changed to do exactly what you're describing: When the user visits the page with an expired token the login page is displayed instead of an error.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
renovate/camel-case-5.x
renovate/go-1.x
renovate/lowlight-3.x
renovate/golang.org-x-sync-0.x
renovate/major-dev-dependencies
renovate/github.com-wneessen-go-mail-0.x
renovate/golangci-golangci-lint-1.x
feature/better-filter-syntax
fix/tiptap-task-list
renovate/flexsearch-0.x
feature/zod-schema
renovate/github.com-typesense-typesense-go-1.x
renovate/github.com-golang-jwt-jwt-v4-5.x
automatic-year-range-for-go-header-template
feature/hide-forbidden-related-tasks
renovate/golang-1.x
release/0.20
release/0.17
release/0.16
release/0.15
release/0.14
release/0.13
v0.23.0
v0.22.1
v0.22.0
v0.21.0
v0.20.4
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.2
v0.19.1
v0.19.0
v0.18.1
v0.18.0
v0.17.1
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.1
v0.13
v0.12
v0.11
v0.10
v0.9
v0.8
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
dependencies

   
duplicate

This issue or pull request already exists

  
help wanted

Need some help

  
invalid

Something is wrong

  
kind/bug

Something is not working

  
kind/feature

New feature

  
needs reproduction

   
question

More information is needed

  
security

   
wontfix

This won't be fixed

No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#1927
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?