Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

20201118 token expiration #478

Merged
merged 5 commits into from
Dec 7, 2020
Merged

Conversation

peterthomassen
Copy link
Member

@peterthomassen peterthomassen commented Nov 19, 2020

This PR is based on work from another branch that is reviewed in #474. Only the last 5 commits are relevant here.

@peterthomassen peterthomassen force-pushed the 20201118_token_expiration branch 3 times, most recently from 16fb49c to ed8a45c Compare November 19, 2020 23:25
@peterthomassen peterthomassen marked this pull request as ready for review November 19, 2020 23:26
@peterthomassen peterthomassen changed the base branch from master to 20180618_webapp_peter December 2, 2020 17:00
@peterthomassen peterthomassen changed the base branch from 20180618_webapp_peter to master December 2, 2020 17:00
Copy link
Contributor

@nils-wisiol nils-wisiol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, one usability comment:

I find it unintuitive that in the webapp token table, when I click the "Can manage tokens" slider, I still have to save that row. From my experience with Android, I'd assume it saves automatically/instantly. The background color change didn't help much in my case, as I only had two rows: the login token, dark grey becase disabled, and the current row. The current row was white to begin with, then light grey on hover, then later yellow because of unsaved changes - which I didn't notice. Two ways to improve this could be (in order of my preference): 1. introduce an indicator of unsaved changes on top of the table where the blue bar is currently (preferably in a way that doesn't move the page when it appears/disappears). 2. hide the save button of each row unless there are changes to save 3. auto-save the changes on the slider 4. popup-warning when you leave the page with unsaved changes

As those are more general concerns with how the webapp tables work, we can do this as part of this PR or later, in which case I'd like to ask you to create an issue for it :)

raise exceptions.AuthenticationFailed('Invalid token.')

token.last_used = timezone.now()
token.save()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this result in concurrency exceptions for parallel requests using the same token?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not behavior introduced by this PR. Still, question is still worth thinking about it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so. First, I believe that this does not happen inside a transaction; second, even if it were, one requests would simply delay the other, but not raise an exception (if I got it right).

docs/auth/tokens.rst Outdated Show resolved Hide resolved
docs/auth/tokens.rst Outdated Show resolved Hide resolved
docs/auth/tokens.rst Outdated Show resolved Hide resolved
docs/auth/tokens.rst Outdated Show resolved Hide resolved
@peterthomassen
Copy link
Member Author

I opened the issue regarding the usability comment (#485).

@peterthomassen peterthomassen merged commit 52f5b7b into master Dec 7, 2020
@peterthomassen peterthomassen deleted the 20201118_token_expiration branch December 7, 2020 18:11
@peterthomassen peterthomassen mentioned this pull request Dec 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants