Uploaded image for project: 'ui-users'
  1. ui-users
  2. UIU-1324

Users that are deleted or deactivated can stay logged in in folio until their token expires (=for a VERY long time)

    XMLWordPrintable

Details

    • Core: F - Sprint 78
    • Prokopovych

    Description

      Overview:
      It seems that the login functionality does neither take user deletion or deactivation status into consideration after the login has happened, leading to very long log-in sessions for users that should have lost their access to FOLIO.

      Steps to Reproduce:

      1. Using one browser, login to FOLIO wit user account A.
      2. Using another browser logged in as another user with the right permissions or by using an API call, either remove the user from FOLIO, or deactivate the user.

      Expected Results:
      The first browser session is terminated or the user is prevented from performing actions in FOLIO afer a short ammount of time.

      Actual Results:
      The user may stay logged in for months.

      TestRail: Results

        Attachments

          Issue Links

            clones

            Bug - A problem which impairs or prevents the functions of the product. CHAL-100 Users that are deleted or deactivated can stay logged in in folio untill their token expires (=for a VERY long time)

            • TBD - To be determined
            • Closed
            is blocked by

            Bug - A problem which impairs or prevents the functions of the product. MODAT-56 validate user deactivation when checking access token

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            relates to

            New Feature - New feature requests FOLIO-1233 Implement refresh tokens

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Task - A task that needs to be done. FOLIO-2354 Spike: Identify a strategy to work with tokens

            • TBD - To be determined
            • Open

            Activity

              People

                Unassigned Unassigned
                pwanninger Patty Wanninger
                Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases