Skip to content

fix(rest): Add token invalidation during logout process. #3293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(rest): Add token invalidation during logout process. #3293

wants to merge 1 commit into from

Conversation

nikkuma7
Copy link
Contributor

…calls using a blacklisted token are properly rejected.

Please provide a summary of your changes here.

  • Which issue is this pull request belonging to and how is it solving it? (Refer to issue here)
  • Did you add or update any new dependencies that are required for your change?

Issue: #3292

Suggest Reviewer

You can suggest reviewers here with an @mention.

How To Test?

1: Get a valid token through login.
2: Send POST request to logout endpoint.
post: http://localhost:8080/resource/api/users/logout

3: Verify response status is 200 OK.
4: Try to use the same token again, should receive 401 Unauthorized.
for ex: get: http://localhost:8080/resource/api/users/profile

How should these changes be tested by the reviewer?
Have you implemented any additional tests?

Checklist

Must:

  • All related issues are referenced in commit messages and in PR

@nikkuma7 nikkuma7 force-pushed the fix/configure-logout-mechanism-delelte-using-api branch from bddb916 to c3a7991 Compare July 22, 2025 06:04
@nikkuma7 nikkuma7 added needs code review needs general test This is general testing, meaning that there is no org specific issue to check for needs special test Opposed to general testing, this requires dedicated check at some party's deployment and removed needs general test This is general testing, meaning that there is no org specific issue to check for labels Jul 22, 2025
@nikkuma7 nikkuma7 force-pushed the fix/configure-logout-mechanism-delelte-using-api branch 2 times, most recently from b04d3fd to 3b3da68 Compare July 22, 2025 06:30
@nikkuma7
fix(rest): Add code to token invalidate on logout call, also any api …
fed7270 
…calls using a blacklisted token are properly rejected.

Signed-off-by: nikesh <[email protected]>
@nikkuma7 nikkuma7 force-pushed the fix/configure-logout-mechanism-delelte-using-api branch from 3b3da68 to fed7270 Compare July 22, 2025 07:45
@GMishx GMishx mentioned this pull request Jul 22, 2025
Closed
1 task
@Akilan247
Copy link

Hi @heliocastro @GMishx @KoukiHama @arunakhasan @ag4ums,

I noticed that this issue already has an open PR in progress. I’m interested in contributing to SW360 and have experience working with Java, Spring Boot, REST APIs, and authentication mechanisms such as JWT.

I’ve gone through the contribution guidelines and am ready to follow the required workflow (forking, creating a branch, and submitting a PR). Could you please let me know if there are any similar open issues or enhancements — particularly related to authentication, security improvements, or REST API features — that I could work on from scratch?

Thank you for your time, and I look forward to contributing!

@GMishx
Copy link
Member

GMishx commented Aug 8, 2025

Hi @heliocastro @GMishx @KoukiHama @arunakhasan @ag4ums,

I noticed that this issue already has an open PR in progress. I’m interested in contributing to SW360 and have experience working with Java, Spring Boot, REST APIs, and authentication mechanisms such as JWT.

I’ve gone through the contribution guidelines and am ready to follow the required workflow (forking, creating a branch, and submitting a PR). Could you please let me know if there are any similar open issues or enhancements — particularly related to authentication, security improvements, or REST API features — that I could work on from scratch?

Thank you for your time, and I look forward to contributing!

Hey @Akilan247 , you are correct, you've commented on the PR of the issue that the PR is open for the issue. We have many issues open in the repo: https://github.com/eclipse-sw360/sw360/issues

You can take anyone which suits your area of interest. You can leave a comment on it and we can assign it to you.

@Akilan247
Copy link

Hi @GMishx ,

Thank you for the clarification and for sharing the link. I’ll go through the open issues and look for ones related to authentication, security, or REST API improvements. Once I find a suitable one, I’ll leave a comment on the issue so it can be assigned to me.

Looking forward to contributing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@heliocastro heliocastro Awaiting requested review from heliocastro heliocastro is a code owner

@GMishx GMishx Awaiting requested review from GMishx GMishx is a code owner

@KoukiHama KoukiHama Awaiting requested review from KoukiHama KoukiHama is a code owner

@arunazhakesan arunazhakesan Awaiting requested review from arunazhakesan arunazhakesan is a code owner

@ag4ums ag4ums Awaiting requested review from ag4ums ag4ums is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

needs code review needs special test Opposed to general testing, this requires dedicated check at some party's deployment

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nikkuma7 @Akilan247 @GMishx