Comments (2)
This is known and expected behavior. A re-login is required on the backend, as permissions are tied to a user session. We can (and probably should) invalidate sessions when the user status changes. I think we do this when users get disabled, but maybe not when they're promoted, or demoted, from admin. If we do this, the user would still need to login again, but they'd be forced into it, rather than requiring an explicit log out/log in cycle.
I can look for other solutions as well.
from ashirt-server.
So, the logic that logged someone out after a status change (either to admin or disabled) broke somewhere along the way. I'm looking into the best way to fix it now. Once it's done, it'll behave as I noted earlier: a user will lose their session and be forced to log out. When they attempt to log back in, they'll have their new state (admin, disabled, or reversal to a normal user).
Should be fixed in the attached PR.
from ashirt-server.
Related Issues (20)
- Allow optional descriptions for the default operation tags #6
- Add dependencies and health checks to docker compose files
- Code viewer (ace-editor) height is stuck at 6 lines
- Decide on the future of the HTTP stack and plan out changes HOT 1
- .env.web file? HOT 2
- Re-evaluate OIDC2 behavior
- S3 URLs not used in /findings HOT 1
- Setup weekly rebuilds of main HOT 1
- Add validation to the create evidence form
- Metadata line wrapping HOT 1
- Permalink redirects to query with invalid uuid HOT 4
- Project-specific variables HOT 4
- Additional editable timestamp property on Evidence HOT 3
- Metadata search breaks when using multiple terms
- Improve Timeline Image Loading HOT 1
- Prefix access keys and secret keys with a known value
- Container name cleanup
- Improvements to logging
- AISHIRT
- Rebuild main and release branches HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ashirt-server.