Issues with Security Features about api HOT 6 CLOSED

Thank you for this. In this case is removing the IP restriction view in users from staart-ui a reasonable plan? If a user should always be able to login to thier own account it might remove some confusion.

from api.

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.91. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

from api.

Hi @mattp95, thanks for opening this issue!

I haven't tested IP whitelisting in the live version right now, but the logic is available here in jwt.ts and it's used in the middleware here. It seems like this is only in the API key right now, not users, so I'll make sure I add it there too.

I think it's best to add the IP check when on the organization settings/dashboard, but not the user. Since a user can be part of multiple organizations, they should still be able to edit their profile, change their password, etc., from any IP address, and only be restricted to an IP/CIDR range when they're in their organization.

I'll also have a closer look at the invalidation token. How it works right now is using Redis. The logic for that is available here in jwt.ts. Maybe it could be something to do with your Redis configuration that it's not saving it? Maybe it just doesn't work. I'll have a look. 😄

from api.

⚠️ This issue has not seen any activity in the past 2 months so I'm marking it as stale. I'll close it if it doesn't see any activity in the coming week.

from api.

⚠️ This issue has not seen any activity in the past 2 months so I'm marking it as stale. I'll close it if it doesn't see any activity in the coming week.

from api.

⚠️ This issue has not seen any activity in the past 2 months so I'm marking it as stale. I'll close it if it doesn't see any activity in the coming week.

from api.