Commit Graph

6 Commits

Author SHA1 Message Date
Jeremy Wharton
3f26cc599f satellite/console,web/satellite: invalidate sessions after inactivity
Sessions now expire after a much shorter amount of time, requiring
clients to issue API requests for session extension. This is handled
behind the scenes as the user interacts with the page, but once session
expiration is imminent, a modal appears which informs the user of his
inactivity and presents him with the choice of loging out or preserving
his session.

Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e
2022-08-23 15:51:05 +00:00
Jeremy Wharton
58c5d44f44 satellite/console: integrate sessions into satellite UI
This change integrates the session management database functionality
with the web application. Claim-based authentication has been removed
in favor of session token-based authentication.

Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-13 08:02:02 +00:00
Márton Elek
c136796308 test: make http client in TestActivationRouting thread-safe
testplanet executes cockroach and postgress tests parallel, therefore using http.DefaultClient is safe only as long as we don't modify it.

TestActivationRouting modifies it (client.CheckRedirect=...), therefore it should use a local version instead of the default one.

Problem reported by a jenkins build:

```
==================
WARNING: DATA RACE
Write at 0x000003486af0 by goroutine 143:
  storj.io/storj/satellite/console/consoleweb_test.TestActivationRouting.func1()
      /home/jenkins/workspace/storj-testing-experiments/satellite/console/consoleweb/server_test.go:66 +0x378
  storj.io/storj/private/testplanet.Run.func1.1()
...

Previous read at 0x000003486af0 by goroutine 104:
  net/http.(*Client).checkRedirect()
      /usr/local/go/src/net/http/client.go:494 +0xd73
  net/http.(*Client).do()
      /usr/local/go/src/net/http/client.go:691 +0xd31
  net/http.(*Client).Do()
      /usr/local/go/src/net/http/client.go:593 +0x204
  storj.io/storj/satellite/console/consoleweb_test.TestActivationRouting.func1.1()
      /home/jenkins/workspace/storj-testing-experiments/satellite/console/consoleweb/server_test.go:48 +0x1e5
  storj.io/storj/satellite/console/consoleweb_test.TestActivationRouting.func1()
      /home/jenkins/workspace/storj-testing-experiments/satellite/console/consoleweb/server_test.go:74 +0x49d
  storj.io/storj/private/testplanet.Run.func1.1()
...

```

Change-Id: I73319a5a593e067b906ec1fda70a44ca1e5a49a2
2022-05-25 15:27:02 +00:00
Moby von Briesen
5b729779a2 satellite/console: Automatically log a user in after verifying email
When an email is verified, insert an auth cookie so that when the user
is redirected after verifying their email, they are immediately taken to
the onboarding flow.

Change-Id: I557d8a2805b24dd8039ada255522bc1b56cc8b53
2021-10-13 13:08:27 +00:00
Jeremy Wharton
6a6cc28fc1 satellite/console,private/web: Rate limit coupon code application
Rate limits application of coupon codes by user ID to prevent
brute forcing. Refactors the rate limiter to allow limiting based
on arbitrary criteria and not just by IP.

Change-Id: I99d6749bd5b5e47d7e1aeb0314e363a8e7259dba
2021-08-23 17:00:31 +00:00
Jeremy Wharton
615aae6bdd web/satellite: Remove activated account page
Error message for attempting to activate an already-activated
account is removed from its own page and incorporated into the
login page in an identical manner to the message that appears
upon successful activation.

Change-Id: I29cd2685a7808fa71d34a439c86a38eb5fc3e199
2021-07-29 14:47:57 +00:00