pbchess icon indicating copy to clipboard operation
pbchess copied to clipboard
verified publisher icon fave77

JWT token not expiring in provided expiryTime (1 day)

Open adi-g15 opened this issue 5 years ago • 3 comments

Describe the bug :bug: In auth.service.js, the JWT token is issued and it's expiry is set to be 1 day, but even after a day, the person with the old token is still able to modify profile data.

To Reproduce :mag: Steps to reproduce the behavior:

  1. Try to change your account info after a day (ie. after expiryTime of token)
  2. Able to modify profile data

Expected behaviour :honeybee: Instead, one must not be able to modify account data, even after JWT token should have expired

Desktop (please complete the following information): :computer:

  • Windows 10
  • Firefox
  • 88.0

Additional context :memo: Related code where we create the JWT token is in:

https://github.com/fave77/pbchess/blob/42ccc48eff4b3cfb7ea2042605c81f816ea2f4bc/server/src/services/auth.service.js#L28-L43

adi-g15 avatar Apr 25 '21 14:04 adi-g15

please assign me this issue

subhangi2731 avatar Apr 26 '21 04:04 subhangi2731

@fave77 please assign me I can work on this

subhangi2731 avatar May 15 '21 13:05 subhangi2731

@subhangi2731 You are already assigned to #22. Same person will not be assigned multiple issues as of now.

adi-g15 avatar May 15 '21 13:05 adi-g15