theodo-group / bifrost Goto Github PK

https://github.com/theodo/forge/issues/2287

Hi everyone,

On my project, we had a bug where a user could not authenticate on our platform.
His account was created via a csv import where his email address was uppercased.
As of today, the email check on user login is case sensitive https://github.com/theodo/forge/blob/7f9e8e22e1a7b2977c0ee416716bb2fb5a746f58/nest/src/modules/auth/auth.service.ts#L33

By design, email should be case insensitive: https://stackoverflow.com/a/9808332

2 solutions:

• Make the column case insensitive with a Postgre extension
• Update the request to check for lower case fields

Thanks a lot ! :-)

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update dependency @algolia/client-search to v4.22.1
• chore(deps): update dependency @types/react to v18.2.64
• chore(deps): update dependency @types/tar to v6.1.11
• chore(deps): update dependency eslint to v8.57.0
• chore(deps): update dependency eslint-plugin-prettier to v5.1.3
• chore(deps): update dependency node to v20.11.1 (node, @types/node)
• chore(deps): update dependency prettier to v3.2.5
• chore(deps): update dependency turbo to v1.12.5
• chore(deps): update dependency vite-tsconfig-paths to v4.3.1
• chore(deps): update typescript-eslint monorepo to v6.21.0 (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• chore(deps): update vitest monorepo to v1.3.1 (@vitest/coverage-v8, vitest)
• fix(deps): update dependency clsx to v2.1.0
• fix(deps): update docusaurus monorepo to v3.1.1 (@docusaurus/core, @docusaurus/module-type-aliases, @docusaurus/preset-classic, @docusaurus/theme-classic, @docusaurus/tsconfig, @docusaurus/types)
• chore(deps): update actions/cache action to v4
• chore(deps): update commitlint monorepo to v19 (major) (@commitlint/cli, @commitlint/config-conventional)
• chore(deps): update dependency commander to v12
• chore(deps): update dependency dependency-cruiser to v16
• chore(deps): update dependency eslint-plugin-unused-imports to v3
• chore(deps): update dependency got to v14
• chore(deps): update dependency husky to v9
• chore(deps): update dependency lint-staged to v15
• chore(deps): update dependency syncpack to v12
• chore(deps): update pnpm/action-setup action to v3
• chore(deps): update postgres docker tag to v16
• chore(deps): update typescript-eslint monorepo to v7 (major) (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• chore(deps): lock file maintenance
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update dependency vite to v5.0.12 [security]
• chore(deps): update commitlint monorepo to v17.8.1 (@commitlint/cli, @commitlint/config-conventional)
• chore(deps): update dependency eslint-plugin-import to v2.29.1
• chore(deps): update dependency syncpack to v8.5.14
• chore(deps): update pnpm to v8.15.4
• chore(deps): update pnpm/action-setup action to v2.4.0
• chore(deps): update actions/checkout action to v4
• chore(deps): update actions/deploy-pages action to v4
• chore(deps): update actions/setup-node action to v4
• chore(deps): update actions/upload-pages-artifact action to v3
• chore(deps): update nrwl/nx-set-shas action to v4
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

There is an issue with how the frontend handles cookies from the login.

should instead read

getAccessFromResponse(await apiClient.post<unknown>(ApiRoutes.login, data, { withCredentials: true })),

Currently, according to XMLHttpRequest specs (which Axios uses behind the scenes), if the request doesn't have withCredentials: true, the Cookies in the response headers (set by Set-Cookie) are simply ignored.

Spent hours debugging why my browser wouldn't use the cookies from the headers, when they were clearly there...
By the way, I guess you should also add the AccessToken in the response cookies, since you'd want to send it via getStaticProps to have authentication for SSR.